LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

How does the GDPR define "personal data," and why is the phrase "identified or identifiable" so important?

Personal data is any information relating to an identified or identifiable natural person — the "identifiable" part means indirect identification counts too.

The GDPR definition (Art. 4(1)) has three load-bearing ideas:

  • Natural person. Raw data (numbers, text, audio) is not inherently personal — it becomes personal only when it relates to a living individual. Data about an organization, a deceased person, or a group is not personal data.
  • Relates to an individual. This covers practically anything someone is, has said or done, owns, or may think.
  • Identified OR identifiable. It's personal not only through direct identifiers (name, contact info) but through indirect identification — if you can single someone out or pin them down by combining datasets.

That last word, identifiable, is why "we removed the names" is rarely enough: the law cares whether a person can be re-identified, not whether you left an obvious label.

Go deeper:

From Quiz: PRIVACY / Data Anonymization — k-Anonymity, l-Diversity & Re-identification | Updated: Jul 05, 2026