[individual] “identified or identifiable”
As the Art. 29 WP states, “a natural person can be considered as ‘identified’ when, within a group of persons, he or she is ‘distinguished’ from all other members of the group. Accordingly, the natural person is ‘identifiable’ when, although the person has not been identified yet, it is possible to do it.”
As the Article 4.1 of the GDPR sets forth, an “identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person“.
Usually we consider that a person is directly identified when we know their “name”, as it is the most common identifier and the most used in practice. However, sometimes the name may not be enough to identify a person and it has to be combined with other pieces of information, such as an address, a profile picture or a phone number.
In cases where prima facie the extent of the identifiers available does not allow anyone to single out a specific person, but when those are combined with other pieces of information (whether retained by us or not) allow the individual to be distinguished from others, the individual shall be deemed as indirectly identifiable.
Finally, a natural person may also be identified even when you are not in a position to find out their “name”. The reason behind this is that in many situations the name of an individual is not necessary to single it out because you may have other identifiers which allow you to create a profile and attribute him or her decisions (think of that neighbour whose name we do not know and yet we are able to distinguish them from other people, or in the unique identifier that we have given to each of our clients when including them in our files).