Personal Data – GDPR For Hotels





Personal Data

What Is Personal Information?

You will see the terms “personal data”, “personal information”, “personally identifiable information” (and the abbreviation “PII”) used throughout this website.  The GDPR articles and recitals and the Information Commissioner’s Office in the UK use the term “Personal Data”.  We use the former terms here because they were used by the data protection experts with whom we worked in our own preparation and awareness.  Some people will like to use the term, “personal data”, we like to use “PII”.  It’s a bit more descriptive and for the layman it says what it means.  However we will learn to use “personal data”.

Personal Data – A Definition

GDPR Article 4 gives us a definition of Personal Data:

“Any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.”

This is not a definitive list.

What Is Sensitive Data?

GDPR offers examples of “Special Categories” of sensitive data as follows:

  • Racial or Ethnic Origin
  • Political Opinion or Affiliation
  • Religious or Political beliefs
  • Trade Union membership
  • Genetic or Biometric data (for the purpose of uniquely identifying a natural person)
  • Health related
  • Sex life or Sexual Orientation

There are additional obligations to control the processing of sensitive data.  As you can imagine, a breach involving this kind of data could bring extreme harm to a private individual.