How the GDPR defines personal data

This is the next in our series of posts to count down to May 25, 2018, which is when the General Data Protection Regulation (GDPR) goes into effect.

 Personal Data GDPR | Binary Tree

Under this new privacy law, residents of the EU have more control than ever over their personal data. For example, they can ask you to show, export, or delete the personal data you have stored about them. Or they can choose not to let you gather data about them in the first place.

And the GDPR applies to a very broad range of data. Even if you’ve taken steps to anonymize the data, like when you use pseudonyms or key-code it, it can still fall within the scope of the GDPR. Here are some examples of what’s considered personal data. (Side note: It’s by no means a complete list—your organization might have unique categories, depending on what you do—but it should give you a good starting point.)

Personal data

This is any information that could be used to identify a real person, either directly or indirectly. Examples:

  • Name
  • Identification number (like their social security number or driver’s license)
  • Location data (like their physical address)
  • Online identifier (like their email address, screen name, IP address, device ID)

Sensitive personal data

The GDPR also specifies sensitive categories of data that you need to take special care with when you store and process it. Examples:

  • Genetic data (such as a person’s gene sequence)
  • Biometric data (such as fingerprints, facial recognition, retinal scans)
  • Sub-categories of personal data like:
    • Racial or ethnic origin
    • Political opinions, religious or philosophical beliefs
    • Trade union membership
    • Data about a person’s health
    • Data about a person’s sexual orientation

Need help with the GDPR?

We at Binary Tree are doing our part to help our clients protect the privacy of their own customers. We can help you move to Office 365, which Microsoft has committed will comply with GDPR by the deadline. By adopting Office 365, you can:

  • Find and catalog the personal data in your systems
  • Build a more secure environment
  • Simplify how you manage and monitor personal data
  • Give you tools and resources to meet reporting and assessment requirements



  1. Supporting your journey to EU GDPR compliance with Microsoft Enterprise Mobility + Security. June 2017.
  2. GDPR: Key definitions. Accessed February 6.