Data Protection Day 2023 – what is ‘personal data’?
Today marks Data Protection Day (or Data Privacy Day as our American cousins like to call it). On 26 April 2006 the Council of Europe launched a Data Protection Day to be celebrated each year globally, on 28 January.
What is ‘Data Protection Day’ for?
Data Protection Day serves as a reminder that personal data should always be treated with care and absolute transparency. Data security “health checks” should be an ongoing process wherever data may be present to ensure you have appropriate controls in place to safeguard your personal information. Therefore it is important to remember that protecting data is more than just a yearly event. Protecting your personal information should be made a regular priority for individuals and organisations alike.
What is classed as ‘personal data’?
Personal data is at the heart of the GDPR, however, many are still unsure of just what exactly ‘personal data’ is. Personal data is information that relates to an identified or identifiable individual. As a result, if it is possible to identify an individual directly from the information you are processing, then that information may be personal data. There is no definitive list of what constitutes personal data but it could include, for example, name, ID number, location, marital status, ethnic origin, religious beliefs, political opinions, genetic data, health data or even sexual orientation. We recently published a Guide to Demonstrating GDPR Accountability.
That’s a vast amount of information, more so when you take into account just how much information is readily available from a person’s social media accounts. Those may be the obvious culprits, but what about your handheld device? How much do you really know about the personal data you’ve shared unwittingly when downloading an app, do you know what is being done with that information? You’re not alone. For example, in a recent survey by Pew Research Center, they found that four out of five people surveyed, feel they have no control over the data collected about them.
How do they collect it?
Picture this common scenario: You were snowed under all week with work, and now doing the food shopping feels like a mammoth task. You visit the supermarket’s website on your phone to order your weekly shop, but you need to install another app to place the order. Then it pops up, the legalese, the permissions. You click “accept” over and over, just to get it done without a second thought. One of those things you most likely agreed to in your haste was the app’s privacy policies.
Before you panic, it’s worth being aware that we actually have a lot more control over our personal data than you think. We just need the knowledge to understand the information deep within those lengthy privacy policies.
Under the GDPR, a privacy notice should disclose information such as:
- the type of data collected
- purposes of its use
- how the information is collected (e.g cookies)
- the validity of the privacy policy
- possible policy changes and how you’ll be affected
- what control you have over your data
- the security measures in place to protect your data
- whether any third parties will have access to your data
- the people accountable for the company privacy practices and their contact information
“That seems straightforward enough” I hear you say. But the main challenge lies within understanding the “legalese”. Add to that, some policies are so long that they take time to read – as an example, Facebook’s privacy policy takes over 15 minutes to read through, which is fairly standard. How many people who own an account on Facebook have taken the time to read through its privacy agreements? We’re going to guess a small percentage compared to active users.
But thanks to certain requirements in the GDPR, privacy policies may be getting shorter and easier to read – for some tips, we layout how to write a GDPR copliance privacy notice. Nevertheless, it is a good idea to learn some of the key data protection terms in order to gain an understanding of your data rights. We have laid out some common data terms to guide you. We have also recently published “What is an appropriate policy document and when is it needed?” which is helpful in understanding your compliance obligations when it comes to special category data and data relating to criminal convictions.
So what is the value of your personal data?
What would it cost you if someone stole your identity by hacking your accounts? If they impersonated you on your social media accounts and isolated your friends and family? What is your reputation worth? All of these are worth securing. Perhaps that’s where we can find the true value of our data, after all, knowledge is power.
Need help?
If you are trying to clarify whether you are at risk of a data breach, or want to discuss what your business needs in order to prevent a breach, we can help. Our highly qualified, expert consultants offer a wide range of data protection services.
