Personal data protection training

The Athens University of Economics and Business, continuing the training of its staff, carried out a series of trainings on the protection of personal data.

The value of personal data is non-negotiable and constantly increasing. Especially in the current era, it is obvious that the possession, access to them, and their management, is a matter of utmost importance. Consequently, their safety and protection are equally important, both at the level of natural persons and between companies and organizations.

The Quality Assurance Unit fully participated in the seminar organized by the Administrative Service of the AUEB in collaboration with the company ADACOM S.A. on "PROTECTION OF PERSONAL DATA", on 09.02.2024.

But what is personal data?

Personal data is information relating to an identified or identifiable living individual. Different information which, if collected together, can lead to the identification of a specific person is also personal data.

Personal data that has been anonymized, encrypted or pseudonymized but which can be used to re-identify an individual remains personal data and falls within the scope of the GDPR.

Personal data that has been anonymized in such a way that the individual is not or is no longer identifiable is no longer considered personal data. For data to be truly anonymous, the anonymization must be irreversible.

The GDPR protects personal data regardless of the technology used to process it. It is technology neutral and applies to both automated and manual processing, provided that the data is organized according to predefined criteria (e.g. alphabetical order). It also doesn't matter how the data is stored – in an information technology system, via video surveillance or in hard copy. In all cases, personal data is subject to the protection requirements provided by the GDPR.

Note that in some cases, there is specific legislation relating to specific areas regulating, for example, the use of location data or the use of cookies – ePrivacy Directive [Directive 2002/58/EC of the European Parliament and of the Council, of 12 July 2002 (OJ L 201 of 31.7.2002, p. 37) and Regulation (EC) no. 2006/2004 of the European Parliament and of the Council of 27 October 2004 (OJ L 364 of 9.12.2004, p. 1)].

Examples of personal data

name and surname

address

email address, e.g. name.lastname@company.com

card identification number

location data (eg the location data feature on a mobile phone) 

Internet Protocol (IP) address

cookie identifier

your phone's advertising ID

data held by a hospital or doctor, which could be a symbol that uniquely identifies an individual.

Referrals

Article 2, Article 4(1), Article 4(5) and Recitals 14, 15, 26, 27, 29 and 30 of the GDPR

Opinion 4/2007 of the Article 29, Working Group on the concept of personal data "personal data"

Opinion 05/2014 of the Article 29, Working group on anonymisation techniques