|
|
|
|
|
|
by icebraining
2697 days ago
|
|
|
The GDPR says "'personal data’ means any information relating to an identified or identifiable natural person". So as long as this derived data is directly related to a person, the GDPR applies. More explicitly, the UK's regulator says: "You should however note that if this ‘inferred’ or ‘derived’ data is personal data, you still need to provide it to an individual if they make a subject access request." |
|
|