‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Personal data is always critical data. It should be stored in a way that not authorized people have no access (e.g. by encrypting). If any such data is collected, a table containing the type of data collected, its purpose and which third parties it may be shared with for what purposes should be made.
Encrypted personal data may still be considered personal data. That part is a topic open for discussion and without any legal certainty. However, for our purposes, we may consider encrypted personal data as no personal data anymore if and only if the following criteria are met
For more information on the legal implications, also read the following articles: