Data protection is the act of protecting the personality and privacy of people by safeguarding important (personal) information.
Protecting personal user data is crucial in any business, particularly online business. This is because online, substantial quantities of data can be collected and exchanged and, therefore, also misappropriated, intercepted and stolen. But what even is personal data?
What is Personal Data?
When we speak of personal data, we speak of data that fulfils all of the following three requirements:
The broadest of the three requirements – as almost anything can be considered information.
Relation to a person
The information given must be related to a person. This requirement is also open to broad interpretation since almost anything and any information can be related to a person.
Identified or Identifiable
Arguably the most relevant aspect when we speak about personal data. The information related to a person needs to identify the person or make the person identifiable.
In this example, we could be talking about a person dressed in turquoise, and although we have shared information related to a person, we didn’t share any personal data, since multiple people are dressed the same.
However, if we say “the person wearing the crown”, we have singled out one person and made them identifiable, so we have divulged personal data, even though we don’t know their name, age, email address, or any other personal information.
Now that we have looked at the three requirements for data to be considered personal, we will look at the three categories of personal data, one of which is specific to Switzerland.
Three Categories of Personal Data
The sensitive personal data as well as personality profiles have an increased need for protection and higher security measures.
As a company that is responsible for many different employees and takes care of an extensive range of customers, the topic of internal compliance is paramount. This is why across all Business Units and departments, our teams work closely with the Legal Department to ensure that processes and guidelines are in place. To increase risk awareness among all employees, we provide frequent mandatory training and allocate points of contact within each department to ensure that questions can be asked and answered at all times.
These processes are particularly important since, at SMG, we collect user data on our websites on two different levels.
Two Types of Data Collection
On our various brand websites, there are different ways we collect data. This is why we need to be aware of the distinction between “Provided Data” and “Collected Data”.
Provided data is personal data that a user proactively shares with us on our platforms. This could include:
– Opening an account
– Signing up for a newsletter
– Buying a product
– Placing or reviewing a listing
– Chatting over the platform
– Requesting an offer
This means the data is being collected in the background whilst a user is moving around on our platforms. This data can be used to create the aforementioned Personality Profiles that require increased protection measures.
This could include data collected by cookies such as:
– Personal preferences
– Product usage
– Browsing behaviour
– Personality profiles
– Prediction models
So we can conclude that not only are there different types of personal data that require different levels of protection, but there are also different types of data collection when it comes to gathering data from users on a website.
With this article, we wanted to give you an insight into what personal data means, how we distinguish between different types of personal data, and how, at SMG, we divide the collected data into two categories.
Thanks go to Stephanie Engelhardt-Scherf for giving us more insight into this important topic.