GDPR defines personal data as any data that relates to, identifies, describes, or could be associated with a person (the ‘data subject’) and includes the following: a person’s name, his/her ID number, a customer code created by the company that processes the data, online information such as IP addresses and/or cookies, GPS or other map data, and any reference to a person’s biographical information such as their race, sexuality, philosophical beliefs or religion, economic background etc.