The definition of personal data in the GDPR includes biometric data where it allows the unique identification of an individual, as well as genetic data. The term biometric data is used here to describe those intrinsic, biological, physical or behavioural traits that are both unique to an individual and measurable. Examples commonly include fingerprints, retinal patterns, facial structure, voice, hand geometry, and vein patterns; but biometric data also includes deeply ingrained skills and behaviours (eg a handwritten signature and a particular way of walking or speaking).
Biometric data has a dual character in that it is both information about a particular individual and information which is capable of identifying an individual. DNA shares this duality of character. Accordingly, in most cases biometric data and DNA will be personal data for the purposes of the GDPR, in which case it will also be 'special category personal data' (see below).
Human tissue samples may provide a source from which biometric data can be extracted, but they are not biometric data themselves; that is, the extraction of information from samples may result in the collection of personal data. The collection, storage and use of tissue samples are subject to different laws, except that those samples may be accompanied by information (eg name, age) which also constitutes personal data.