Personal data redefined
The most important change in the GDPR is the definition of personal data. The GDPR reflects changes in technology and the ways that organizations collect data about people. Overall, the change is deemed to be good for privacy but bad for existing marketing and sales techniques. Profiling, or developing a snapshot of an individual’s preferences using browser history, purchase history, and so on, will no longer be acceptable under the GDPR unless the individual in question has explicitly consented.
Under the DPD, personal data was defined as data such as names, photos, email addresses, phone numbers, addresses, and personal identification numbers (social security, bank account, etc.).
Under the GDPR, personal data is defined as any information that could be used, on its own or in conjunction with other data, to identify an individual. This data includes IP addresses, mobile device identifiers, and geolocation and biometric data (fingerprints, retina scans, etc.). The GDPR also covers data related to an individual’s physical, psychological, genetic, mental, economic, cultural, or social identity.