Any identifying information being collected on an online user is considered personal data. This information can be a name, an e-mail address, a number, IP address etc. - any data that can be linked directly or indirectly to a person’s identity, as well as any information about a person’s financial, social, physical, mental, or cultural identity.
For European privacy laws, as defined in GDPR Article 4(1), personal data are "any information which are related to an identified or identifiable natural person".
Some of the personal data is considered as sensitive, including (as stated in Article 9): racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (e.g. fingerprints) to be able to identify a person, medical data and information about sex life and or sexual orientation.
There are various data types that can be divided into categories. For example, contact details of customers, contact details of suppliers, employee data etc. This can be further broken down into email addresses, addresses, names, date of births, shoe size, weight, blood type etc. Data types can be company/business specific, and businesses can define their data types. Any type of personal information is a data type.