By now you should be ‘up to the teeth’ in emails from organisations
desperately attempting to comply with new EU
regulations about personal data. What has probably surprised you is the
number of organisations that actually have your personal contact
information and if you’ve been reading this stuff carefully, just how
many are still not complying with the law.
However, it’s about time that laws came it to protect individual rights and right to privacy
Very briefly, the GDPR applies to ‘personal data’. However, the
GDPR’s definition is quite detailed and makes it clear that information
such as an online identifier – eg an IP address – can be personal data.
It applies to both automated personal data and to manual filing systems
where personal data are accessible according to specific criteria.
Personal data that has been pseudonymised – eg key-coded – falls
within its scope as does sensitive personal data as “special categories
of personal data.” Special categories specifically include genetic data
and biometric data where processed to uniquely identify an individual.