GDPR
Rules & Requirements
What Counts as Personal Data Under GDPR?
GDPR defines personal data as any info that identifies a person—names, IDs, biometrics, IPs — directly or indirectly.
What Counts as Personal Data Under GDPR?
Personal data under GDPR is defined broadly, covering any information that can directly or indirectly identify an individual.
Examples include:
Names, email addresses, phone numbers
Identification numbers (e.g., national ID, tax ID)
Location data and IP addresses
Online identifiers (cookies, device IDs)
Biometric data
Health information
Financial data
Any combination of data points that can identify an individual
Understanding what qualifies as personal data is essential for scoping GDPR compliance efforts and ensuring that appropriate controls are in place.
This clarity also supports alignment with global standards such as ISO 27001 and SOC 2.
In the Spotlight
Start your GDPR compliance journey with DSALTA's complete checklist.
The General Data Protection Regulation (GDPR) is Europe’s core privacy law, shaping how organizations collect, process, and protect the personal data of EU residents. Non-compliance can result in heavy fines, reputational damage, and loss of customer trust.
GDPR can feel complicated with its broad scope and strict requirements, but DSALTA® makes it manageable. With automated evidence collection, continuous monitoring, and AI- driven risk insights, you can maintain compliance without drowning in manual work. Use this checklist to guide your GDPR journey.
Read more about GDPR compliance with DSALTA.
Stop losing deals to compliance.
Get compliant. Keep building.
Join 100s of startups who got audit-ready in days, not months.