Personal identification number (PESEL number) more valuable than last name

When asked what falls under personal data, most Poles indicate first and foremost their personal identification number (PESEL number), and only then their name or address of residence. Few include their own image or car license plate number in this category. Unfortunately, the percentage of respondents who know how to take care of the security of their own personal data has decreased slightly compared to last year, and they see the greatest threat to them in fake phone calls, e-mails and text messages. These are the most important conclusions from a joint survey of the website and the National Debt Register under the patronage of the Personal Data Protection Office.

In a survey conducted at the beginning of May this year on a representative sample of Poles, in response to the question of what comprises personal data, as many as 91.9 percent of respondents indicated PESEL number, and 89.5 percent indicated first and last name. A high percentage of indications still received an address of residence (84.1 percent) and identity card number (78.4 percent). Far fewer respondents included their own image (45.1 percent), fingerprints (39.8 percent) or car license plate number (16.3 percent) as personal data.

The concept of personal data is defined in Article 4 of the GDPR. According to it, personal data means any information relating to an identified or identifiable natural person. In particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, we can identify someone.

- It is interesting that the largest number of respondents considered the personal identification number (PESEL number) first and then the first and last name as personal data. It seems that it is the uniqueness of PESEL number that affects us so strongly. What is alarming, on the other hand, is that only 45.1 percent of survey participants consider his or her image to be personal data. Similar thoughts are raised by the recognition of fingerprints as personal data by less than 40 percent of respondents. Biometric data that uniquely identify us are among the special category of data specified in the GDPR. The Personal Data Protection Office, in its educational program "Your Data - Your Concern" aimed at the youngest, regularly sensitises them to this issue, so we hope that awareness of this will grow every year," says Adam Sanocki, Director of the Communications Department, a Spokesperson of the Personal Data Protection Office.

Interestingly, 48.6 percent of respondents consider a phone number to be personal data, while only 16.3 percent include a car license plate number in this group. The Office, meanwhile, takes the position that both count as personal data when they are assigned to a specific person.

Less respondents convinced that they know how to take care of security

- Unfortunately, it is worrying that the group of people who declare that they know how to take care of the security of their personal data has decreased slightly. Seemingly everything seems to be in order, because as many as 88.6 percent of respondents answered this question in the affirmative, compared to 90.2 percent a year ago. The difference is small, within the statistical error. But that should not reassure us, as only 15 percent of those surveyed were absolutely sure they could handle the risks. A year ago, there were 17.3 percent such people. The vast majority were not unequivocally sure, answering "rather yes." This is probably due, among other things, to the fact that cybercriminals are constantly improving their methods of operation, which are becoming more and more sophisticated. Today they are able to fake, for example, a bank's website with a padlock in the address bar. Not long ago this guaranteed us that the website was safe, today it no longer does, warns Bartlomiej Drozd, an expert at

That correlates with the belief of the majority of respondents that the greatest threat to personal data is the theft of it through fraud or phishing with fake phone calls, emails or text messages. This view is shared by 42 percent of respondents, while 20 percent are concerned about hackers breaking into their computer or phone. 21 percent see the danger of data leakage from private companies, and 17 percent from state institutions.

- It's positive that such a large group of adult Poles is aware that criminals may want to steal their personal data by impersonating well-known companies or institutions, but at the same time it does not mean that the greatest danger lies there. Such a high percentage of indications is, on the one hand, the aftermath of the fact that each of us has already received many times a text message asking for a surcharge on a package or a phone call from a concerned bank employee who wants to warn us that someone is about to take out a loan using our data. On the other hand, this is also the topic most often covered by the media. Every week there are headlines "she clicked on a link, lost PLN 100.000". But we must also remember that our personal data are collected in many places, which unfortunately are not always well protected. And from there they are also illegally copied, so it is very important to monitor whether no one is using our PESEL against our will," adds Bartlomiej Drozd.

They will take out a loan, fool their friends

Surprisingly, while almost 89 percent of Poles say they know how to protect their personal data, only 60 percent know the consequences of data leakage and ending up in the hands of cybercriminals. The rest either outright admit that they do not know or cannot take a stand on the issue. Meanwhile, understanding the consequences of losing personal data is key to protecting it effectively.

The list of possible ways to illegally use lost personal data is dominated by taking out loans, or buying a smartphone or laptop. This is indicated by almost 90 percent of those surveyed. Nearly 77 percent fear that criminals, impersonating them, may try to fool friends or acquaintances, and nearly 54 percent fear that criminals may use them for blackmail. 65.6 percent see a risk in criminals setting up a business using stolen personal data, which in turn will incur further liabilities - such as buying goods from a wholesaler with deferred payment and not paying for them, or taking out a loan or leasing a car. Nearly 75 percent of respondents indicate that criminals can sell stolen personal data.

- This last point is worth emphasizing. It means that a very large percentage of Poles already understand that personal data are a commodity for criminals. The same as, for example, a stolen car or phone, which can then be sold. That is, the negative effect for the loss of data can be postponed, once we have forgotten that our personal data, as a result of some hacking, ended up in the wrong hands. This is why it is important to constantly monitor your own PESEL number," warns Bartlomiej Drozd.

The survey "Awareness of personal data protection security in Poland" was conducted in May 2023 by IMAS International on a representative sample of 1007 Poles, commissioned by and the National Debt Register Economic Information Bureau under the patronage of the Personal Data Protection Office and the Personal Data Protection Law Institute.