Layer n°1: Identified personal data

11 June 2020

Understanding the notions of “personal data”, “purpose” and “processing” is essential for development that complies with the law and respects user data. In particular, be careful not to confuse “anonymisation” and “pseudonymization”, which have very precise definitions within the GDPR.

Definition

  • The notion of personal data is defined in the General Data Protection Regulation (GDPR) as “any information relating to an identified or identifiable natural person (referred to as "data subject")”. It covers a broad scope that includes both directly identifying data (e.g. first and last name) and indirectly identifying data (e.g. telephone number, license plate, terminal identifier, etc.).
  • Any operation on this type of data (collection, recording, transmission, modification, dissemination, etc.) constitutes processing within the meaning of the GDPR and must therefore meet the requirements laid down by that regulation. Such processing operations must be lawful and have a specified purpose. The personal data collected and processed must be relevant and limited to what is strictly necessary to achieve the purpose.

Examples of personal data

  • Where they relate to natural persons, the following data are personal data:
    • Surname, first name, pseudonym, date of birth;
    • pictures, sound recordings of voices;
    • fixed or mobile telephone number, postal address, email address;
    • IP address, computer connection identifier or cookie identifier;
    • Fingerprint, palm or venous network of the hand, retinal print;
    • License plate number, social security number, ID number;
    • Application usage data, comments, etc.
  • Identification of natural persons can be carried out:
    • from a single piece of data (examples: surname and first name);
    • from the crossing of a set of data (example: a woman living at such and such an address, born on such and such a date and a member of such and such an association).
  • Some data are considered particularly sensitive. The GDPR prohibits the collection or use of such data, unless, in particular, the data subject has given his/her express consent (active, explicit and preferably written consent, which must be free, specific and informed).
  • These requirements concern the following data:
    • data relating to the health of individuals;
    • data concerning sexual life or sexual orientation;
    • data revealing the alleged racial or ethnic origin;
    • political opinions, religious beliefs, philosophical beliefs or trade union membership;
    • genetic and biometric data used for the purpose of uniquely identifying an individual.

Anonymisation of personal data

  • An anonymisation process of personal data aims at making it impossible to identify individuals within data sets. It is therefore an irreversible process. When such anonymisation is effective, the data are no longer considered as personal data and the requirements of the GDPR are no longer applicable.
  • By default, we recommend that you never consider raw datasets as anonymous. Anonymisation results from processing personal data in order to irreversibly prevent identification, whether by:
    • singling out: it is not possible to isolate some or all records which identify an individual in the dataset;
    • linkability: the dataset does not allow linking at least two records concerning the same data subject or a group of data subjects;
    • inference: it is not possible to deduce, with significant probability, the value of an attribute from the values of a set of other attributes.
  • These data processing operations imply in most cases a loss of quality on the produced dataset. The Article 29 Working Party (Art. 29 WP) opinion on anonymisation techniques describes the main anonymisation techniques used today, as well as examples of datasets wrongly considered anonymous. It is important to note that anonymisation techniques have shortcomings. The choice to anonymize or not the data as well as the selection of an anonymisation technique must be made on a case by case basis according to contexts of use and need (nature of the data, usefulness of the data, risks for people, etc.).
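The singling-out and inference criteria above can be checked mechanically before a dataset is released. The following is an added example, not part of the original guide: it groups records by quasi-identifiers (a k-anonymity-style check chosen here for illustration) and shows that coarsening the data removes singling out at a cost in quality while inference can remain. The sample records, field names and the `audit` and `generalise` helpers are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: direct identifiers (name, e-mail) already removed.
RECORDS = [
    {"postcode": "75011", "birth_year": 1984, "sex": "F", "diagnosis": "asthma"},
    {"postcode": "75011", "birth_year": 1984, "sex": "F", "diagnosis": "diabetes"},
    {"postcode": "75011", "birth_year": 1984, "sex": "F", "diagnosis": "asthma"},
    {"postcode": "69003", "birth_year": 1990, "sex": "M", "diagnosis": "flu"},
    {"postcode": "69003", "birth_year": 1990, "sex": "M", "diagnosis": "flu"},
    {"postcode": "13001", "birth_year": 1957, "sex": "F", "diagnosis": "cancer"},
    {"postcode": "13008", "birth_year": 1952, "sex": "F", "diagnosis": "flu"},
]
QUASI_IDENTIFIERS = ("postcode", "birth_year", "sex")  # assumed for this sample
SENSITIVE = "diagnosis"

def equivalence_classes(records, quasi_ids):
    """Group records sharing the same quasi-identifier values."""
    classes = defaultdict(list)
    for r in records:
        classes[tuple(r[q] for q in quasi_ids)].append(r)
    return classes

def audit(records, quasi_ids, sensitive, k=2):
    """Return (classes smaller than k, classes with a single sensitive value).

    The first list allows singling out; the second allows inference, because
    knowing the quasi-identifiers reveals the sensitive attribute.
    """
    singled_out, inferable = [], []
    for key, rows in equivalence_classes(records, quasi_ids).items():
        if len(rows) < k:
            singled_out.append(key)
        elif len({r[sensitive] for r in rows}) == 1:
            inferable.append(key)
    return sorted(singled_out), sorted(inferable)

def generalise(record):
    """Coarsen quasi-identifiers: postcode to 2-digit prefix, year to decade."""
    out = dict(record)
    out["postcode"] = record["postcode"][:2] + "xxx"
    out["birth_year"] = record["birth_year"] // 10 * 10
    return out

if __name__ == "__main__":
    print("raw:        ", audit(RECORDS, QUASI_IDENTIFIERS, SENSITIVE))
    coarse = [generalise(r) for r in RECORDS]
    print("generalised:", audit(coarse, QUASI_IDENTIFIERS, SENSITIVE))
```
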

Pseudonymization of personal data

  • Pseudonymization is a compromise between retaining raw data and producing anonymized datasets.
  • It refers to the processing of personal data in such a way that data relating to a natural person can no longer be attributed without additional information. The GDPR insists that this additional information must be kept separately and be subject to technical and organisational measures to avoid re-identification of data subjects. Unlike anonymisation, pseudonymization can be a reversible process.
  • In practice, a pseudonymization process consists of replacing directly identifying data (surname, first name, etc.) in a dataset with indirectly identifying data (alias, number in a filing system, etc.) in order to reduce their sensitivity. They may result from a cryptographic hash of the data of individuals, such as their IP address, user ID, e-mail address.
  • Data resulting from pseudonymization are considered as personal data and therefore remain subject to the obligations of the GDPR. However, the European Regulation encourages the use of pseudonymization in the processing of personal data. Moreover, the GDPR considers that pseudonymization makes it possible to reduce the risks for data subjects and to contribute to compliance with that Regulation.
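When the pseudonym is a cryptographic hash, the "additional information" to keep separately is a secret key. The following is an added example, not part of the original guide: it contrasts an unkeyed SHA-256 of an IP address, which anyone can recompute over the small space of candidate addresses, with a keyed HMAC-SHA256 pseudonym and a lookup table held apart from the dataset. The function names, the sample rows and the documentation range 192.0.2.0/24 are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed sample rows using the documentation range 192.0.2.0/24.
SAMPLE_ROWS = [
    {"ip": "192.0.2.57", "page": "/account"},
    {"ip": "192.0.2.57", "page": "/orders"},
    {"ip": "192.0.2.200", "page": "/home"},
]

def plain_hash(value: str) -> str:
    """Unkeyed SHA-256: anyone who can list candidate inputs can recompute it."""
    return hashlib.sha256(value.encode()).hexdigest()

def keyed_pseudonym(value: str, key: bytes) -> str:
    """HMAC-SHA256: recomputing the pseudonym requires the separately held key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

def reidentify_by_enumeration(pseudonym: str, network: str, hash_fn):
    """Audit helper: test whether a pseudonym falls to enumeration of a network."""
    for ip in ipaddress.ip_network(network):
        if hmac.compare_digest(hash_fn(str(ip)), pseudonym):
            return str(ip)
    return None

def pseudonymise(rows, key: bytes):
    """Replace the 'ip' field; return (pseudonymised rows, lookup table).

    The key and the lookup table are the additional information: store them
    apart from the dataset, under their own access controls.
    """
    table, out = {}, []
    for row in rows:
        p = keyed_pseudonym(row["ip"], key)
        table[p] = row["ip"]
        out.append({**row, "ip": p})
    return out, table

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in practice, held in a separate key store
    weak = plain_hash("192.0.2.57")
    print("unkeyed:", reidentify_by_enumeration(weak, "192.0.2.0/24", plain_hash))
    rows, table = pseudonymise(SAMPLE_ROWS, key)
    print("keyed:  ", reidentify_by_enumeration(rows[0]["ip"], "192.0.2.0/24", plain_hash))
```

The first two output rows carry the same pseudonym, so records remain linkable to one data subject: the result is pseudonymized personal data, not an anonymous dataset.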