Personal data

“Personal data” is one of the most commonly used terms for information that relates to or is capable of uniquely identifying a person. It is the predominant term in privacy law and professional communication in the European Union. Notably, it is defined in the General Data Protection Regulation (GDPR) as follows:

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The GDPR establishes the principles for the collection and use of personal data by companies, including stricter rules for processing what it calls “special categories of personal data”, or, alternatively, sensitive personal data.

India’s Digital Personal Data Protection Act (DPDPA) also uses the term “personal data” and defines it as “any data about an individual who is identifiable by or in relation to such data”.

“Personal data” is equivalent to “personal information”, a term that is mostly used in North America. A related term that is often used in the cybersecurity community regardless of national tradition is “personally identifiable information” (PII).