Access all documents on Identifiable natural person
This decision tree sets out a logical route to assess whether you may carry out postal direct marketing and, if so, who you can target. For other types of marketing, refer to: Direct marketing decision tree—email and other electronic mail marketing—data protection and Direct marketing decision tree—live telephone calls—data protection. Direct marketing is the communication—by any means—of advertising or marketing material directed at specific individuals. Note 1—personal data and corporate targets Postal marketing addressed to named individuals taken from your customer database involves processing personal data. The scope of personal data is broad enough to capture business-to-business marketing, particularly post sent to named individuals in their professional role: ‘Personal data’ covers any information relating to an identified or identifiable natural person...
This Practice Note outlines how financial services firms may rely on legal obligation or legitimate interest as a lawful basis for handling personal data under the General Data Protection Regulation (EU) 2016/679 (EU GDPR). For general information on the EU GDPR, see Practice Note: The EU’s General Data Protection Regulation (EU GDPR). Lawful grounds for data processing under the GDPR—summary for financial services firms Definitions Personal data: any information about an identified or identifiable natural person (data subject)—that is, someone who can be recognised, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors unique to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. Processing: any operation or set of operations carried out on personal data or on sets of personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure...
FORTHCOMING CHANGE: This Practice Note sets out the law as it presently stands, though some aspects will be affected by the Digital Omnibus proposals issued on 19 November 2025 under the EU Commission’s ‘simplification’ programme. For more detail, see Practice Note: EU Digital Omnibus—tracker. It explores legal and practical issues around anonymisation, pseudonymisation and privacy enhancing technologies (PETs). It outlines what is required for robust anonymisation and pseudonymisation and summarises core techniques available. It further introduces the family of tools referred to as PETs. The analysis is framed by the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR), alongside relevant guidance. Anonymisation and pseudonymisation Under the EU GDPR, duties apply to the processing of ‘personal data’, meaning information about a living person who is identified or can be identified. While the EU GDPR provides no explicit definition of ‘anonymous data’, by inference it is data that is no longer personal because it no longer relates to an identified or identifiable person. Effective anonymisation therefore removes...
We must know exactly what personal data we possess so we can lawfully put measures in place to safeguard it... Please complete this questionnaire by [ insert date ] and return it to [ insert name or email address ]... The table below clarifies some of the terminology used in the questionnaire; if you have any questions, please contact [ insert name or email address ]... Term — Explanation Personal data – Information relating to an identified or identifiable living individual... Special category personal data – Personal data disclosing racial or ethnic background, political views, religious or philosophical beliefs, or trade union membership; data concerning health, a natural person's sex life or sexual orientation; biometric information processed to uniquely identify a person; genetic information... Data retention schedule – Internal guidelines stating how long data can be kept, which can be found [ state location, eg on our intranet ]... 1 Employees, workers and external consultants Do you store...