> For the complete documentation index, see [llms.txt](https://doc.dastra.eu/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://doc.dastra.eu/en/useful-reminders/gdpr-key-concepts/personal-data.md). # Personal data ### Definition of personal data According to the [ICO](https://ico.org.uk), **personal data** is *any information relating to an identified or identifiable natural person*. In other words, it is **any information that allows an individual to be identified directly or indirectly.** A natural person can be identified: * **Directly**: by a name, first name, photo, identification number, etc. * **Indirectly**: by cross-referencing information such as a phone number, email address, vehicle registration plate, voice or image. Identification can therefore be achieved: * from **a single piece of data** (e.g. national insurance number); * or by **combining multiple elements** (e.g. a woman born on a certain date, living in a certain city, working at a certain company). {% hint style="info" %} 💡 A company's general contact details are not, in principle, personal data (e.g. ****). However, a named email address such as **** is personal data. {% endhint %} *** ### 🗂️ Categories of personal data **Categories of personal data** group information according to its nature or use. Some common examples: * **Identity**: name, first name, date of birth, photo, signature * **Personal life**: address, family situation, hobbies * **Professional life**: CV, job title, performance reviews, salary * **Economic or financial situation**: income, bank accounts, transactions * **Connection and usage**: IP address, login identifier, logs, cookies * **Location**: GPS coordinates, travel history, movement records > 🔍 These categories are essential for **structuring your record of processing activities** and identifying the risks associated with each type of data. *** ### ⚠️ Special category data ("sensitive data") Certain personal data benefits from enhanced protection: these are **special category data**, as their use can have a significant impact on individuals' rights and freedoms. They reveal in particular: * **Racial or ethnic origin**, * **Political opinions**, * **Religious or philosophical beliefs**, * **Trade union membership**, * **Genetic or biometric data**, * **Health data**, * **Sexual orientation** or **sex life** of a person. {% hint style="info" %} Examples: fingerprints (biometrics), medical records, DNA, religious affiliation, professional badge photos containing biometric data. {% endhint %} *** ### 🚫 The prohibition principle and exceptions The **processing of special category data is prohibited**, except as provided by the GDPR (Article 9). These exceptions include in particular: * The data subject's **explicit consent**, * Data **manifestly made public** by the individual, * Processing **necessary to protect vital interests**, * Processing carried out by **associations** with political, religious, philosophical or trade union purposes for their members, * Processing necessary for reasons of **substantial public interest**. > These cases must always be **documented in the record** and accompanied by **appropriate security measures**. *** ### 🤖 Personal data and artificial intelligence **Artificial intelligence systems** frequently use personal data for model training, testing or operation. The **AI Act** complements the GDPR by imposing **traceability and documentation** of data used by AI systems. Examples: * Training data containing facial images (biometrics); * Text data drawn from private communications; * Behavioural data from sensors or browsing activity. Dastra allows you to **link personal data to its uses in AI systems**, within the **AI systems register**, to ensure cross-compliance between GDPR and the AI Act. {% content-ref url="/pages/4gJmuBpEKTAML1FBam7d" %} [AI Systems](/en/features/ai-systems.md) {% endcontent-ref %} *** ### 🔍 Go further {% hint style="success" %} 💡 **Good practice:** Identify, classify and document your data categories from the design phase of your processing activities or AI systems. This will make it easier to maintain your record and comply with the *privacy by design* principle. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://doc.dastra.eu/en/useful-reminders/gdpr-key-concepts/personal-data.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.