GDPR defines personal data as any information related to a natural person (or “Data Subject”) that can be used to directly or indirectly identify the person. If you intend to collect personal data from people in the EU, you must first obtain explicit consent from your data subjects.
Please note that the GDPR also refers to “special categories of personal data,” which require additional security. These include:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs, or trade union membership
- Genetic data or biometric data for the purpose of uniquely identifying a natural person
- Data concerning health or data concerning a natural person’s sex life or sexual orientation
Refer to the GDPR provisions or talk to your GDPR consultant for specific requirements.