How is "personal data" defined under the GDPR?

The definition of "personal data" under the General Data Protection Regulation (GDPR) is that it encompasses any information related to an identified or identifiable person. This broad definition includes not just names and identification numbers but also other identifiers such as location data, online identifiers, and specific factors related to the physical, physiological, genetic, mental, economic, cultural, or social identity of a person.

This comprehensive scope ensures that various forms of information that can be linked to individuals are covered, thereby protecting individuals' privacy rights. The GDPR’s aim is to provide enhanced protection for personal data and enforce strict obligations on entities that collect or process such data, making it crucial for organizations to understand what constitutes personal data in order to comply with the regulation effectively.

The other options don't align with the GDPR's definition. For instance, limiting personal data to physical addresses is too narrow, excluding many other types of information. Similarly, data collected from public sources can still be classified as personal data if it pertains to identifiable individuals, and restricting personal data to information used solely for commercial purposes does not capture the full range of personal data covered by the regulation.