Biometric data are defined by the GDPR as personal data resulting from specific technical processing, relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm his unique identification, such as facial images or fingerprint data.
This means that in order to be considered as biometric data, the processing of the data must allow or confirm the unique identification of the data subject.
Such data may fall into the category of genetic data, as well as the category of health data. This is the case, for example, when the processing is based on DNA and information on the person's state of health can be derived from it.