Non-personal data may fall under European Union privacy law

Companies may have to treat non-personal data from the European Union as if it were personal data and therefore subject to the bloc’s General Data Protection Regulation requirements, the European Commission said.

In guidance issued May 29 to coincide with the effective date of an EU law on non-personal data, the commission, the EU’s executive arm, said that where non-personal and personal data can’t easily be separated, the GDPR would automatically apply.

Under the guidance, if datasets consist largely of non-personal data with a minor element of personal data, companies will be “faced with no other choice than to apply the most stringent rules—the GDPR—to the entire dataset,” said Peter Van Dyck, a partner with Allen & Overy LLP in Brussels.

Full article published at Bloomberg Law.