The General Data Protection Regulation (GDPR) defines personal data as “any information relating to an identified or identifiable natural person.” By using the term ‘any type of information’, the GDPR makes clear that the definition is intended to be as broad as possible. Identifiers can be a name, an identification number (e.g. national insurance number, car registration plate), location address (e.g. information from the network or service about the location of a phone or other device), an online identifier (e.g. IP address) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Data may still be considered ‘personal data’ even without one of the above identifiers, e.g. if the content or subject matter is about an individual.