What is personal data?

As a rule, the term “personal data” is enshrined at the level of national legislation. For example, in the European Union, processing of personal data is regulated by the General Data Protection Regulation (GDPR), in Canada by the Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA), in the United States (in California) by the California Consumer Privacy Act (CCPA).

These laws govern how businesses must behave when collecting and processing customer and employee data.

There are slight differences in the definition of personal data, but in order to make it easier to understand, we will use the GDPR definition.

  • Personal data is any information relating to an identified or identifiable natural person (“data subject”, i.e. a person).
  • An identified natural person is a person whose identifier (name, phone number, personal number, login, etc.) is present in the data.
  • An identifiable natural person, in turn, is a person who can be easily identified, that is, distinguished from other people.

Personal data is not only the identifier itself, but also the information related to a person. In simple terms, name, passport number, ID card, username, nickname, e-mail address, phone number, IP address, bank card data are always personal data, because they are identifiers. A license plate number, handwriting, videotape or photo are probably personal data because they are easily identifiable. Address, marital status, sex, gender, e-wallet information, health information, page views, searches, social media posts are personal data when you know who it belongs to.

How does a business comply with data protection laws?


Conducting an audit of business processes

We audit current and future business processes for compliance.
We create a Data Map to identify potential irregularities.


Drawing up company policies regarding the processing of personal data

We draw up a privacy policy, privacy notice, cookie policy and other necessary documents.


Conducting an audit of the web-site/application

We check the availability of the necessary consent collection forms, the operation of cookies, the location of legal documents and make recommendations as a result.


We prepare and conclude data processing agreements with your counterparties

If you transfer personal data to third countries, you will need to enter into Data Processing Agreements.


Appointing a Data Protection Officer (DPO)

The designation of a DPO is mandatory if:
(a) the processing is carried out by a public body or authority other than courts of competent jurisdiction; or
(b) the legal entity's principal activities consist of data processing operations that, by their nature, scope and/or purpose, require regular and systematic monitoring of data subjects on a large scale; or
(c) the legal entity's core business consists of large-scale processing of special categories of data pursuant to Article 9 of the GDPR and of personal data relating to criminal convictions and offences referred to in Article 10 of the GDPR.


Conducting a Data Protection Impact Assessment (DPIA)

Conducting a DPIA on a regular basis is only necessary for some specific processing activities, namely those activities that may have a significant impact on the rights and freedoms of data subjects.


Provide employee training

Employee training on safe handling of personal data is mandatory. We will teach your employees how to respond to requests from data subjects and regulators.


Our advantages

Сопровождение стартапов


We always offer several solutions


Quick and prompt responses in Telegram or Slack. Regular calls in Google Meet/Zoom.

Публикация приложений в Google Play и AppStore - фото 2

of work

Full reporting on the time spent

License Curacao - фото 3


No unexpected costs. All project costs are agreed upfront

Our clients


Mon-Fri 10:00-19:00


Konyskoho St. 55А, Kyiv, Ukraine, 04053


Mon-Fri 10:00-19:00


Harju maakond, Tallinn, Kesklinna linnaosa, Tuukri tn 19-315, 10152


Mon-Fri 10:00-19:00

United States

228 Park Ave S PMB 516920 New York, New York 10003-1502 US