Personal data is information relating to an identified or identifiable natural person. This includes name, e-mail address, telephone number or even an IP address. As soon as information directly or indirectly allows conclusions to be drawn about a person, it is considered personal.
What counts as personal data?
Typical personal data is:
Name, address, telephone number
Email address (e.g. vorname.nachname@firma.de)
Date of birth, bank details, tax ID
IP address or location data
Application documents, photos, health data (e.g. in the personnel file)
Why do you need personal data?
In the day-to-day work of small and medium-sized enterprises (SMEs), personal data is often required to:
Manage employees (e.g., payroll, vacation)
Serve customers (e.g., quotes, invoices, support)
Conclude contracts and document services
Comply with legal obligations (e.g. retention obligations, accounting)
Where do you encounter them in the day-to-day work of an SME?
In e-mail correspondence with customers, partners or applicants
In CRM systems to manage customer contacts
On invoices, offers or delivery notes
When using time tracking or HR tools
When accessing personal data of colleagues, e.g. vacation requests or sick notes
Note on security:
The handling of personal data is subject to data protection law – in particular the GDPR. SMEs should ensure that data is only collected when it is really needed, that it is stored securely and that only authorised persons have access to it. Protecting personal data not only protects privacy – but also the trust of employees and customers.
