Certified Information Privacy Professional – Europe (CIPP/E) — Question 4

Which of the following would most likely NOT be covered by the definition of “personal data” under the GDPR?

Answer options

• A. The payment card number of a Dutch citizen
• B. The U.S. social security number of an American citizen living in France
• C. The unlinked aggregated data used for statistical purposes by an Italian company
• D. The identification number of a German candidate for a professional examination in Germany

Correct answer: C

Explanation

The correct answer is C because unlinked aggregated data does not relate to identifiable individuals and therefore is not considered personal data under GDPR. In contrast, options A, B, and D all refer to data that can identify individuals and thus fall within the scope of personal data as defined by the regulation.