Personal data is at the heart of the GDPR – the regulation does not apply to all the data companies have.
Personal data is any information that can be linked to an identifiable individual. Since identification of an individual can often be done by putting different pieces of information together (even without a name attached), what counts as personal data can be quite broad. A shoe size, a hobby or an image, for example, could all be classified as personal data if it’s possible to identify which person these bits of information apply to.
Note too that it doesn’t necessarily have to be the data controllers themselves (the companies or organisations processing the data) who are capable of identification.