Under GDPR, “personal data” means any information that relates to an identifiable person who can be directly or indirectly identified by reference to an identifier. This means that a whole range of identifiers now constitute personal data (e.g name, identification number, location data, even a web cookie). GDPR also defines a special category of 'sensitive personal data' that includes genetic and biometric data.
Anonymizing such data can be extremely useful for organizations, as sufficient anonymization takes it out of the scope of regulation such as GDPR. It's worth mentioning that sensitive data isn't restricted to just personal information: for an organization, commercial data about transactions or financial performance can be highly sensitive, too. In the US, the term 'Personally Identifiable Information' (PII) is more common. And while legally, 'personal data' and 'PII' are not exact equivalents, they're often used interchangeably.