The ultimate goal of the GDPR is to ensure that the private data of EU citizens remains just that — private.
In this GDRP minute, we discuss what is considered data under the GDPR and what rights do individuals have when it comes to their data.
The GDPR definition of ‘personal Data is pretty broad. It includes anything from an individual’s name, address, ssn, to their location to an online identifier, like a IP address or browser cookies that can track web activity.
An individual’s physical, physiological, genetic, mental, economic, cultural or social identity also falls under the definition of personal data and all of this is also protected under the GDPR.
As far as rights go, GDPR gives an individual the right to find out
- Whether their data is being processed
- Where it’s being processed
- What purpose their personal data is being processed.
Most individuals feel that organizations, corporations and the government know too much about them, and that is where GDPR comes in. The GDPR provides controls that it’s fine and legal that organizations and corporations know something about you but they have to justify why they have the data and what they plan to do with it.
Under the GDPR, individuals are entitled to have their personal data erased or not disseminated further, including potentially halting third parties from processing the data.
Individuals can also choose to move their data and can object to having it processed for direct marketing purposes.