Yes, you do.
Okay, you probably do.
A lot of people, professional people I run into say “Oh, I don’t proces personal data. So GDPR doesn’t apply to me.”
Sorry person, you do, unless you don’t have anything to do with people in your business.
I mean. It could be.
Maybe you don’t have any employees and no contact to the outside world.
Then it might be true.
But what is personal data actually?
Personal data is any information which can be traced to a person. It can be as text, speech, a code, a picture, recording, video and etc. – Until a piece of personal data can’t be traced back to a person and he/she can’t be recognized.
That is when it is completely anonymized.
We work with a standard which is; If your mother can recognize you on a a piece of information, then it is not anonymized. It’s a good way to distinguish if the data is anonymized or not and a good rule to remember it by.
So what types of personal data is there?
In Danish national GDPR we have four categories. They are:
- General personal data
- Name, e-mail, phone number etc.
- Sensitive personal data
- Health, religion, political views etc.
- Criminal personal data
- Could also be a verdict from curt, that your address is in jail etc.
- Confidential personal data (CPR-no.)
- This one is specific for Danish national law since it isn’t addressed in the GDPR
So now what?
You just figured out that you are processing personal data but what to do now? Now you need to take steps to protect that data you are collecting, processing and might even sharing.
It’s actually your duty, legally.
/Hafsah
P.S. I will be doing some posts to explore relevant topics of the GDPR with you