What is personal data under GDPR?

GDPR defines personal data as any information related to an identified individual or that can be used directly or indirectly to identify an individual. Article 4(1) of the General Data Protection Regulation, defines that:

“personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly”

As GDPR takes a very broad definition, personal data can include direct identifiers such as your name, address, phone number and indirect identifiers such as specific information that is related to you. GDPR’s concept of personal data also includes online identifiers such as IP addresses, cookies, mobile device IDs and location data.