The GDPR focuses on protecting the personal data of “data subjects”, that is living people inside the EU. Whether you’re in the EU as a citizen, just travelling through, an immigrant, a resident or on a work visa, if you’re in an EU member state then you are a data subject in the eyes of the GDPR and your personal data must be protected.
This is the process of replacing certain pieces of data, e.g. within a set of customer data, with an artificial identifier to help mask the real identity of the data subject. Whilst this technique would help reduce the impact on a subject if the data were to be stolen, it is not full anonymisation, and therefore pseudonymised data is still recognised as personal data in the GDPR.
Working Party 29 (WP29)
The Article 29 Working Party is composed of representatives of the national data protection authorities (DPA), the EDPS and the European Commission. Its main tasks are to provide expert advice from the national level to the European Commission on data protection matters.The WP29 is the group of people that translates the GDPR into some recommended practices for country DPAs, controllers and processors. More information on the WP29 here.