The simple answer is that personal data is anything that others can use to identify you. Data protection is the process of safeguarding information from being compromised, identity theft, corruption, and more.

The EU General Data Protection Regulation (GDPR) defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’).

In particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Types of personal data include name, address, phone, email, birthdates, and bank account and credit card numbers, etc. The list grows with the change in legislation.

GDPR is a new set of rules governing the privacy and security of personal data laid down by the European Commission. It greatly increases the burden of data controllers, holding the employer entirely responsible for data breeches and any issues that may occur.

PCI data (payment card industry data) is just one type of personal data. The PCI Data Security Standard (PCI DSS) protects credit cardholder data such as debit or credit card number, expiration date and card security code.

Almost everyone can do more to protect personal data.  CSR Readiness® helps you assess your risk in handling personal data, remediate your processes, implement policies, train staff and continue to monitor and audit, as required by laws and regulations.

A breach can occur in many ways, including through lost laptops or smart phones, loss or improper disposal of paper records, intrusion into your network or PC by hackers and theft.  The definition continues to expand.