Personal Information GDPR

Written by: Nathan Rizzuti

Updated January 5, 2023

Consumer privacy is critical in the world of online information. Thankfully, legislation like the European Union’s General Data Protection Regulation is beginning to enshrine rights for online users concerning their online identity. Below, we’ll discuss personal information and the GDPR. Then, we’ll explain what it is and how internet users can use the GDPR to protect their data.


  • The GDPR is a series of EU data protection laws passed in 2018.
  • The GDPR categorizes data into different classes, with personal information being the most highly protected.
  • Businesses must know the definitions of personal information to comply with GDPR standards.

We have additional resources for insight into the GDPR for US citizens, as well as an article on the GDPR’s right-to-be-forgotten laws.

Insider Tip

The definitions of what is and is not personal data are lengthy and exhaustive. Read through the GDPR’s definitions for the exact classification of the various data categories.

Personal Data Information GDPR

For internet users to understand the rights of the GDPR fully, they must first familiarize themselves with the various classes of data explained within the text. Among these classes, personal data is the most important.

It’s also necessary to understand that there are separate classifications between personal and sensitive personal data.

Under the GDPR, personal information is any online identifier linked to the physical identity of a living person, also known as a “Natural person.” When pieced together, personal data can link back to a natural person. Personal data includes:

  • Home Address
  • First/Last Name
  • Phone Number
  • Email Address
  • ID Numbers
  • Geo/Location Data
  • Cookie ID

As mentioned above, there’s also a classification known as sensitive personal data. This is a particular category of personal data with additional protections and stipulations under the GDPR. Sensitive personal data includes:

  • Sexual Orientation
  • Social Security Number
  • Political Leaning
  • Trade Union Membership
  • Religious Beliefs
  • Health/Biometric/Genetic Data

The complete outline and definitions are found within the GDPR’s Article 4. There, it further distinguishes the extent of these privacy laws and what fundamental rights each user has within the boundaries.

Remember that other types of data privacy measures depend on where you live. For example, California has the CCPA. If you want to read more on this, be sure to check out our article that explains what a service provider is under the CCPA.


If a company fails to become GDPR compliant, it can face hefty fines and damage to its reputation among consumers.

How Organizations Can Process Personal Data

So, the GDPR defines personal information, but that doesn’t mean that type of data is entirely off-limits. There are still instances where personal data may be processed, but there are clear stipulations around how any processing of personal information may take place.

STAT: A report showed that 30% of EU businesses are still not compliant with the GDPR. (source)

If personal data is anonymized to a point where it cannot be traced back to the identifiable person, a company may process the information without a legal basis.

Personal Information GDPR FAQs

Does the GDPR apply to people living outside of the European Union?

While many countries have their version of data protection laws, the GDPR only applies to individuals and organizations operating within the EU.

Do US organizations need to comply with the GDPR?

If a company processes data of anyone within the European Union, their business must be made compliant with GDPR standards.

How do I know if my business is compliant with the GDPR?

There are many simple checklists available online that companies can use to understand if their organization is GDPR compliant.