Chapter 3

Digging In to Data: What’s Personal, What’s Sensitive, and How It’s Processed

IN THIS CHAPTER

Bullet Seeing what's personal data — and what isn't

Bullet Recognizing and dealing with special-category data

Bullet Understanding the lawful grounds of processing

Bullet Discovering the consequences of processing without a lawful ground

It's a simple fact that pretty much every organization (no matter what the size) is collecting and using individuals’ personal data and of course processing that data to gain benefit from it (such as emailing potential customers or storing personal data of employees).

The GDPR regulates how organizations process personal data. How processing of data is defined is exceptionally broad and I cover this in-depth later on in this chapter.

Before I do that, however, I want to describe what is meant by personal data, a term that also has a far-reaching definition in the GDPR. Personal data is defined in the GDPR as “any information relating to a natural person who is identified or identifiable, directly or indirectly, with particular reference to an identifier, such as name, ID ...

Get GDPR For Dummies now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial