Much like the Data Protection Act 1998, GDPR applies to personal data. The current Data Protection Directive defines personal data as; "any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular byreference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity."
However, although this definition will mostly remain unchanged, it will be slightly more detailed in that it will make clear that online identifiers, such as an IP address, will also be classed as personal data.
Sensitive personal data - The GDPR refers to sensitive personal data as "special categories of personal data which uniqely identify a person." This will include genetic data and biometric data.