Data Mining and GDPR Compliance

Unlike most privacy regulations in the U.S., the EU defines the term “personal data” broadly—it includes “any information relating to an identified or identifiable natural person (the ‘data subject’).”

This means that even the most basic contact information, such as business card details or simply a name and email address, falls under the GDPR’s protections. Public sources of information, such as a residential phone listing, are not exempted from the GDPR’s restrictions.

Source: Data Mining and GDPR Compliance: Dealing with Obtaining EU Personal Information from Third Parties Under the GDPR (Including a Notification Checklist!) – Lex Indicium

>