The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

What is Personal Data?

The definition in the Data Protection Acts reads:

"personal data" means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller;

A similar definition is contained in the EU Data Protection Directive (95/46/EC):
"personal data"  shall mean any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

The definition is – deliberately - a very broad one.  In principle, it covers any information that relates to an identifiable, living individual.  However, it needs to be borne in mind that data may become personal from information that could likely come into the possession of a data controller.

There are different ways in which an individual can be considered 'identifiable'.  A person's full name is an obvious likely identifier.  But a person can also be identifiable from other information, including a combination of identification elements such as physical characteristics, pseudonyms occupation, address etc.

The definition is also technology neutral.  It does not matter how the personal data is stored – on paper, on an IT system, on a CCTV system etc.

More extensive guidance on this topic is contained in Opinion 4/2007 of the EU Article 29 Working Party