LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How do the GDPR and the Swiss revDSG legally define "personal data"?

Both define personal data as any information relating to an identified or identifiable natural person — the affected individual is called the "data subject" (betroffene Person).

Decision flow on whether information relates to an identified or identifiable person, switching on the law.

* The identifiability test that turns information into personal data. *

The two leading frameworks use almost identical wording, which is why the concept travels across both regimes:

Framework Legal definition
EU GDPR, Art. 4 No. 1 "All information relating to an identified or identifiable natural person (the 'data subject')."
Swiss revDSG, Art. 5 "All information relating to a specified or identifiable natural person."

The decisive word is "identifiable." Data does not need to name you directly to be personal — if you can be singled out indirectly (for example by combining an account number with a lookup list, or an address with a registry), it already counts as personal data.

Examples explicitly raised in the source: name, place of residence, date of birth, phone number, religious affiliation, account number. Note that some of these (religion) are not just personal data but specially protected data.

Why it matters: This single definition is the on/off switch for the entire law. If data is "personal," the whole DSG/GDPR apparatus (purpose limitation, justification, data-subject rights) applies. If it genuinely is not, the law does not reach it at all.

Go deeper:

From Quiz: PRIVACY / Introduction to Privacy and Data Protection | Updated: Jul 14, 2026