The GDPR does specify what is personal data, but doesn't go out giving real-life interpretation examples. The categories given in the regulation are direct identifiers and indirect identifiers. The categories even include a good sampling of information types that belong in each.
Direct allows to identify an individual or a very small group from a single datapoint. Indirect allows to identify larger groups.
Or to put in terms most of us here understand.. Direct identifiers are personal information that would allow to send marketing junk to selected individuals. Indirect ones are those you would use to build marketing cohorts.
So if it's data your marketing department would like to grab, you can bet it's personal information under GDPR.
The GDPR does specify what is personal data, but doesn't go out giving real-life interpretation examples. The categories given in the regulation are direct identifiers and indirect identifiers. The categories even include a good sampling of information types that belong in each.
Direct allows to identify an individual or a very small group from a single datapoint. Indirect allows to identify larger groups.
Or to put in terms most of us here understand.. Direct identifiers are personal information that would allow to send marketing junk to selected individuals. Indirect ones are those you would use to build marketing cohorts.
So if it's data your marketing department would like to grab, you can bet it's personal information under GDPR.