Tabla de contenido
What is considered personal data?
Organic Law 15/1999, of December 13, 1999, on the Protection of Personal DataPersonal Data (hereinafter LOPD), sets out a series of fundamental rights that citizens have with respect to their personal data. The Law aims to guarantee and protect, with regard to the processing of personal data, the public freedoms and fundamental rights of natural persons, and especially their honor and personal and family privacy. Likewise, we have Regulation 1720/2007, of development of the LOPD (hereinafter RLOPD).
The regulation recognizes a fundamental right through which the citizen’s power to control their personal data and the ability to dispose and decide on them is established, from LAWYOU we want to help you to know your rights and thus can protect them properly.
A personal data (article 3 section a LOPD) is any information concerning identified or identifiable natural persons.
The Regulation that develops the LOPD defines personal data as any numerical, alphabetical, graphic, photographic, acoustic or any other type of information concerning identified or identifiable natural persons.
In addition, the Regulation defines an identifiable person as any person whose identity can be determined, directly or indirectly, by means of any information relating to his physical, physiological, psychological, economic, cultural or social identity. A natural person shall not be considered identifiable if such identification requires disproportionate time or activities.
Therefore, it can be both name and surname, and other information, such as ID card, photographs, videos, voice recordings, … That is, the concept of personal data is understood in a broad sense, any data by which the natural person is recognized (identify the person) or that can be recognized without much effort (identifiable).
Are there different types of personal data?
According to LAWYOU experts, yes, we can differentiate by way of example the following:
Identification data: name, address, email address, signature, date of birth, nationality….
Employment data: job position, address, e-mail address, work telephone number…
Personal assets data: tax information, bank accounts, income,…
Academic data: degrees, certificates,…
Ideological data: religious beliefs, political and trade union affiliation, membership in civil organizations, religious associations,…
Health data: medical history, diseases, information, psychological and/or psychiatric information, percentage of disability, genetic information …
Data relating to personal characteristics: DNA, fingerprint, blood type…
Data relating to physical characteristics: skin color, hair color, iris…
Data relating to sexual life and habits: ethnic or racial origin,…
Are all data treated in the same way?
No, some personal data are of a personal nature.
No, some personal data are of a more sensitive nature and therefore require greater protection (article 81 RLOPD). We can differentiate them into the following categories:
- Basic level: all files of a personal nature.
- Medium level, files relating to:
- Administrative and criminal offenses
- Equity and credit solvency
- Tax authorities
- Financial entities, files for the provision of financial services
- Social Security management entities and common services
- Those containing personal data relating to the characteristics or personality of citizens
- High level, files relating to:
- Ideology, religion, health, trade union affiliation, racial origin, sexual orientation…
- Contain data collected for law enforcement purposes.
- They contain data derived from gender violence.
- Traffic data and location data of operators providing publicly available electronic communications services or operating public electronic communications networks.
How do we know who collects our data?
One of the main rights is the right to information (article 5 LOPD). According to this, when data are requested from the data subject, he/she must be informed in advance and in a free, specific, unequivocal and informed manner, of the existence of a file, of the possibility of exercising his/her rights and of the identity of the data controller, among other things.
From LAWYOU we emphasize the importance of the right to information that is configured as an obligation for the data controller, while it is a right for the data subject or affected person as it is the first step to subsequently be able to exercise the ARCO rights (access, rectification, cancellation and opposition).