Comment by trashb

Yes, actually the AVG (GDPR) is very broad in what it considers personal data.

Sadly that means it is not enforced well since it is too broad to be enforced in a meaningful way. And therefore it is violated A LOT, both by companies or people since no one can be bothered!

AVG (GDPR) includes the following things as personal data: name, address, phone number, passport photo, information about someone's behavior on websites, allergies, customer or staff numbers, recognizable recordings and more.

Rule of thumb, any information that can be used to relate a specific person.