What is personal data?

What is personal data?

Personal data means any data which can be used to identify an individual (such as name and address) and any information that relates to that individual from which they can be identified (for instance, details of the services provided to a particular individual).  The following types of personal data may be used:

• Personal contact details such as name, address, phone number, etc.
• Personal identifiers such as an NHS number
• Visual images, personal appearance and behaviour
• Personal or professional opinions about an individual
• Family details
• Employment
• Housing needs
• Lifestyle and social circumstances
• Pension or financial activity records
• Offences (including alleged offences)

There are two classes of personal data: "normal" personal data, as shown above, and "special categories" of personal data. "Special" data needs more protection due to its sensitivity. It is often information you would not want widely known and is very personal to you. This is likely to include anything that can reveal your: 

• Racial or ethnic origin
• Religious or philosophical beliefs
• Trade Union membership
• Physical or mental health
• Genetic or biometric data for the purpose of uniquely identifying a natural person
• Sexual life or orientation
• Political opinions

Where "normal" personal data is involved, the basis for processing under the GDPR would normally be Public Task. However, there are other bases available as necessary.

Where "special categories" of personal data are involved, then more rigorous procedures are necessary and:

• Explicit consent of the person concerned must be obtained; or
• One of the conditions in schedule 1 of the Data Protection Act 2018 must be satisfied.  For example, conditions relating to the employment or the substantial public interest conditions.