The definition that personal data means only data on a natural person still remains valid. Therefore, the Regulation does not apply to data on legal persons, including the name, the legal form and the contact details of a legal person. In the light of technical and technological progress, it was necessary to extend the range of information on natural persons which may make it possible to identify them. When compared to the existing definition, personal data as defined in Article 4 (1) of the GDPR now also means data of a technical nature, such as location data, on-line identifiers like an IP address, cookies. Also in this case, the condition must be fulfilled that this data must be of certain significance for the controller, and, at the same time, it must enable the identification of a particular natural person. This means that if, for example, an IP address can be used to determine the location of a particular individual, it is that person’s personal data and its processing is subject to the Regulation. The GDPR sets more specific rules for procedures for personal data processing, also in relation to these new categories of personal data. For example, monitoring of behaviour of individuals on the Internet using technologies that create profiles of these individuals for purposes of making decisions relating to the persons, or analysing or predicting their personal preferences, behaviours and attitudes will be considered as a personal data processing operation, which is defined by the GDPR as profiling.
The GDPR does not apply to the personal data of deceased persons, which is a change compared to the existing personal data protection Act no. 122/2013 Coll..