The General Data Protection Regulation (GDPR) protects personal data regardless of the technology used for collecting or processing that data. GDPR Article 4 defines personal data: “Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Personal data also includes:
- Religious beliefs
- Racial or ethnic origins and identities
- Genetic data
- Biometric data
- Philosophical beliefs
- Health records
- Sexual orientations
- Political opinions
- Memberships.
IP addresses are classified as personal data if they can be used to identify a person. For example, if users' IP addresses are collected alongside their other data and could be used to identify a person, then IP addresses should be classified as personal data.
Need to be GDPR compliant? Choose CookieScript Consent Management Platform, and we will take care of your website's GDPR and other privacy laws' compliance issues!