There has been a little confusion concerning what is defined as private data, as per the General Data Protection Regulation (GDPR). A great deal of this is because of the fact that there’s no set listing of what could be considered as private data. The meaning is often dependent on separate situations and which different items of private information are obtained.
There is a little assistance obtainable, in that the GDPR expresses that private data is data through which a living person can be known. However, this can imply different things for different people.
Looking at what is private data
Knowing that private data is anything which can allow a person to be known, we should study at this in various backgrounds.
For example, a man called John Smith can’t convincingly be known by his name only because there are many persons with the same name. Nevertheless, a man called Joseph Shuttleworth might possibly be known by name only. If the name only is sufficient to identify somebody then it’s thought to be private data. Now, consider at John Smith once more. If a company collects other info from him, like what automobile he drives which town he lives in and what telephone he uses, all of this info together might be used to recognize him. The info then becomes private data. The naming of the person is the essential part.
One significant modification that comes with General Data Protection Regulation is that, in specific conditions, identifiers like an IP address might be considered private data.
What companies should do
Given the modifications to the meaning of private data as per GDPR, it is a good practice for companies to perform a checking of the data they possess, to see if it is private data, and to decide whether they have obtained sufficient approval to save and use it. Failure to do this might lead to receiving a drastic penalty, like a big fine.