Personal Data

Personal data under GDPR is any information that relates to an identified or identifiable natural person (the "data subject"). This includes obvious identifiers like names and email addresses, but also IP addresses, cookie IDs, location data, device identifiers, and behavioral data.

Special categories of personal data receive heightened protection: health data, genetic data, biometric data, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, and trade union membership. Processing these requires explicit consent or a specific legal exception.

Pseudonymized data (where identifiers are replaced with codes) is still personal data if re-identification is possible. Truly anonymized data — where re-identification is not reasonably possible — falls outside GDPR scope.