Essential Digital Skills Level 1

111 videos, 7 hours and 55 minutes

Course Content

Data Subject and Personal Data under GDPR

Video 89 of 111
2 min 20 sec
English
English

Data Protection and GDPR: Understanding Data Subjects and Processing

Introduction

A data subject refers to a living individual who can be directly or indirectly identified by specific information. This definition has evolved to accommodate technological advancements.

Identifying Data Subjects

An online identifier, such as an IP address, cookie identifiers, RFID tags, or MAC addresses, when combined with unique identifiers and other server-received information, can create individual profiles and facilitate identification.

Personal Data under GDPR

Under GDPR, personal data encompasses any information pertaining to an identified or identifiable person. This includes their name, address, social media posts, photographs, email addresses, medical records, banking details, online identifiers, or computer IP addresses.

If the data being processed can uniquely identify an individual, it qualifies as personal data. This is often evident when possessing their name and address, corporate email address containing their full name, or similar identifying information.

Further guidance on identifying individuals is available on the Information Commissioner's website.

Sensitive Personal Data

GDPR also recognizes sensitive personal data, which includes racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, trade union memberships, medical conditions, and information regarding criminal convictions or offences. This category requires heightened protection.

Understanding Processing under GDPR

Processing, as defined under GDPR, encompasses any action performed on personal data, whether manual or automated. This includes data collection, storage, and deletion. Merely storing data without active manipulation still qualifies as processing under GDPR regulations.

Learning Outcomes:
  • EDSQ Unit 5 LO 13.3