The General Data Protection Regulation (GDPR) defines ‘personal data’ as ‘any information relating to an identified or identifiable natural person’.

An identifiable natural person is defined as one ‘who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.’

Personal data may include photographs, email messages and data recorded by closed-circuit television (CCTV), if a person can be identified from this. It also includes data identified by reference numbers, where a separate list can be used to match the reference numbers to named individuals – so called pseudonymized data.

This, however, does not mean that all information provided during research by a person (e.g. during interviews) is personal data. If a person cannot be identified directly or indirectly from the information, then the information is not defined as personal data.

Please make sure to comply with our rules concerning data protection in data collections before uploading and publishing datasets.