What Is Personal Data?

"Personal data" is a term that comes up constantly in privacy discussions. But what does it actually mean? And why does it matter for your business? Here is a clear answer, with a concrete example that might surprise you.

The definition

Personal data is any information that can be used to identify a person, directly or indirectly, alone or in combination with other information.

The straightforward examples are easy: a name, an email address, a home address. If someone receives these details, they know who you are. That makes them personal data.

But the definition goes further than most people expect.

Why "indirectly" matters

Consider this example. If someone knows your shoe size, that tells them nothing about who you are. On its own, it is just a number.

But imagine they also know when and where you bought your last pair of shoes, and which type it was. Combined, that information might be enough to identify you. At that point, even your shoe size becomes personal data.

This is not a theoretical edge case. It is how data protection law actually works. Information that seems harmless in isolation can become personal data the moment it is combined with something else. The key question is always: could this information, alone or together with other data, lead back to a specific person?

A broad concept by design

Data protection law interprets personal data broadly, and intentionally so. The goal is to protect people, not just the most obvious pieces of information about them.

In practice, this means that IP addresses, cookie identifiers, location data, and device fingerprints can all qualify as personal data, depending on the context. If you are hesitating about whether something counts, that hesitation is usually a good signal. Chances are it does.

What this means for your business

Any time your business collects, stores, or uses information that could identify a person, data protection rules apply. That covers more ground than many business owners initially assume.

A contact form, a newsletter subscription, an order history, an analytics tool tracking visitor behaviour on your website: all of these involve personal data, and all of them require a lawful basis for processing.

Getting clarity on what personal data you actually hold is a useful first step. It shapes everything else: what you need to disclose in your privacy notice, how long you can keep the data, and what rights your customers can exercise.

Not sure where to start? Book a free introduction call and we will help you get a clear picture.