<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] is [data] related to a [Digital Subject]


[{$pagename}] has many different definitions within both [Regulatory compliance] and [Standard compliance].

[{$pagename}] certainly would include [Personally Identifiable Information] and [Patient Data] and some definitions include using [Identity Correlation]


!! [{$pagename}] and [Contexts]
[{$pagename}] may be classified within two broad categories:
* [{$pagename}] that are [Identity Attributes]
* [{$pagename}] that when used with [Identity Correlation] could provide [Identification] of the [entity] ([Personally Identifiable Information] ([PII]))
* [{$pagename}]  only refers to [Natural Persons].

[Organizational Entities|Organizational Entity] may be [Sensitive Data] or have a [Data Classification] of [Confidential] [data] but __NOT__ [{$pagename}] or ([Personally Identifiable Information] ([PII]))

! [{$pagename}] and Medical Care
[{$pagename}] within the [context] of Medical Care we refer to as [Patient Data] is considered [{$pagename}]. This [Patient Data] is interpreted differently even within the different [contexts] within Medical Care

! [HIPAA]
Within [HIPAA] [Protected Health Information] is considered [{$pagename}] even though it is not directly able to provide [Identification].

! [European Commission] ([GDPR] [PSD2])
According to the [European Commission] &quot;[{$pagename}] is any [information|data] relating to an individual, whether it relates to his or her private, professional or public life. [{$pagename}] can be anything from a [name|NAME], a photo, an [email Address], [bank] details, posts on [social networking websites|Social Websites], [medical information|Patient Data], or a computer’s [IP Address].&quot; [1]

[{$pagename}] only includes information relating to [Natural Persons] who:[4]
* can be identified or who are identifiable, directly from the information in question; or
* who can be indirectly identified from that information in combination with other information.
* [{$pagename}] may also include special categories of [{$pagename}] or [criminal] conviction and offences [data]. These are considered to be more sensitive and you may only process them in more limited circumstances.
* [Pseudonymised data|Pseudonymous] can help reduce [privacy risks|Privacy Considerations] by making it more difficult to identify individuals, but it is still [{$pagename}].
* If [{$pagename}] can be truly anonymised then the [anonymised data|Anonymous] is not subject to the [GDPR]. It is important to understand what [{$pagename}] is in order to understand if the data has been anonymised.
* Information about a __deceased person does not constitute [{$pagename}] and therefore is not subject to the [GDPR]__.
* Information about companies or public authorities is not personal data.
However, information about individuals acting as sole traders, [employees], partners and company directors where they are individually identifiable and the information relates to them as an individual may constitute [{$pagename}].


Any information related to an [identified] or identifiable [Natural Person] that could be used to directly or indirectly identify that [Natural Person] is covered by [GDPR]. Such data includes: (but is not limited to)
* [Customer] [data], purchasing histories, pictures, emails, names and phone numbers;
* [IP addresses|IP Address] and motor vehicle registration numbers;
* [B2B] and [B2C] information;
* [Biometric|Biometric data] information such as [fingerprints], faces, voice prints and eyeballs.
[entities] are responsible for any [{$pagename}] they collect, whether that [data] resides in a [customer] [database], [employee] [database], or __even a supplier [database]__. What’s more, [Custodian] of [personal data] collected by a company — even if they just store the [data] and don’t have access to it — need to comply with the [GDPR] or [risk] being fined.

Specific mention and inclusion of [data] relating to:
* [sexual orientation] 
* religious or philosophical beliefs 
* ethnic origins
* political opinions 
* trade union membership
* [Patient Data]
* [Genetic Data]
is included.

Not only is the [{$pagename}] itself covered by the [General Data Protection Regulation], but everything that’s done with the [data], too. &quot;[Processors|Data Processor] [[of data] also have a [Responsibility],&quot; Hammarstrand said. &quot;What’s new in this [legislation|Regulation] is they have a direct [responsibility]. They could actually be reviewed and fined if they are not complying with the legislation.&quot;



!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [General_Data_Protection_Regulation|Wikipedia:General_Data_Protection_Regulation|target='_blank'] - based on information obtained 2016-07-10
* [#2] - [the rules only apply to personal data about individuals|https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/application-regulation/do-data-protection-rules-apply-data-about-company_en|target='_blank'] - based on information obtained 2019-07-16 
* [#3] - [GDPR Recital 14 – GDPR applies to natural persons, not legal persons|https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&amp;toc=OJ:L:2016:119:FULL|target='_blank'] - based on information obtained 2019-07-16 
* [#2] - [What is personal data?|https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/|target='_blank'] - based on information obtained 2019-09-03 




















</pre>