Personal data is information that relates to an identified or identifiable person who could be identified, directly or indirectly based on the information.
Personal data includes an identifier like:
Sensitive personal data is also covered in GDPR as special categories of personal data. The special categories specifically include:
Under existing and new data protection rules anyone who processes personal information must make sure that the information is (amongst other things):
Organisations and businesses (which also include clubs, societies and charities), both large and small, use your personal data for a range of reasons.
Organisations hold personal data for a range of useful reasons necessary to provide a service, not just for marketing.
For many purposes, you would want companies to continue handling your personal information to perform the tasks you need them to.
Companies might also use your personal information to profile you in a way that many would find useful.
For example, Netflix uses personal data to recommend films and TV programmes that it thinks you’re likely to enjoy, and Amazon uses your shopping history to suggest similar products you might be interested in.
Facebook also collects information on how you use its services. This could be the type of content you view and engage with, the devices you use, your language and time zone, and when you visit third-party websites which use Facebook services (even when just hitting the 'like' button).
Personalised offers and recommendations may well be welcomed by individuals who want a more tailored service.
Other retailers might use information on your shopping habits and social interactions to inform direct marketing and suggest other products to you. Many retailers also use profiling to market directly to you using emails, texts and messages.
You have the right to object to profiling, including if it is used for direct marketing purposes, and companies must inform you of your right to object at the latest at their point of first communication with you and in their privacy notice.
If they receive an objection to processing personal data for marketing purposes, they must ensure that your personal data is no longer processed for such purposes.
You have a right to have personal data erased and to prevent processing in specific circumstances.
These include, but are not limited to:
You have the right to make a ‘subject of access request’, which allows you to act on your right to obtain access to your personal data held by a company. You can make them for free.
If the data you've provided is digitally processed, you’ll have the right to request that data in a machine-readable format and the right to have that transmitted to another data controller.
This right exists if you have provided your personal data to the company and:
In theory, the right to personal data portability will allow you to move, copy or transfer personal data more easily from one IT environment to another in a safer and more secure way.
This also enables you to take advantage of applications and services such as price comparison websites, which can use this data to find you a better deal.
For example, this could include the best energy provider to switch to, getting a competitive broadband package or finding the best mortgage deals through price comparison websites.