The security of user data is of high importance, and that importance only grew with the implementation of the EU’s General Data Protection Regulation (GDPR). These sweeping new regulations went into effect on May 25, 2018. They are European Union regulations, but they have sweeping effects since they apply to any business that stores personal information of any EU citizen.
It’s important to comply with GDPR. The first step, though, is to understand what exactly GDPR requires for your business.
PII Under GDPR
The short answer to the question of what PII is under GDPR is that it’s not a thing. Personally, identifiable information is an American term. The rough European equivalent is personal data. It’s important to note, though, that the two are not identical. The European standards are more restrictive, and the European category (personal data) is, therefore, more inclusive.
Here’s the bottom line: don’t assume that if you’re PII compliant that you’re automatically GDPR compliant. You need to do more for the latter.
If you’re asking the question “what is PII under GDPR?” there’s a good chance you know some of the lingo already, but it’s worth reviewing.
Personally Identifiable Information (PII)
This term refers to any number of pieces of information that a company might store that can be used to identify individuals. Bad actors who accumulate enough PII on an individual may be able to compromise the individual’s accounts or even steal the individual’s identity. Examples of PII include (but aren’t limited to) driver’s license numbers, social security numbers, full names, physical addresses, and credit card numbers.
Remember, this is an American term, not a global one.
Non-Personally Identifiable Information (non-PII)
Non-PII is what’s left that’s not PII, in the American way of viewing things. This is the kind of information that can be used in aggregate forms. It’s useful data, but it can’t be used to identify individuals on its own. Examples include IP addresses, device IDs, and cookies left behind on devices while browsing the web.
Personal data is the EU equivalent of PII. It’s the information that businesses store on customers that could be used to identify those customers. The important difference here is the breadth of the definition.
GDPR concludes that even non-PII can be personal data. Cookies and IP addresses, for example, can be used in conjunction with PII to help reconstruct a person’s identity. For this reason, even these forms of information are considered personal data and are protected under GDPR.
Best Practices for Businesses
Given the changing landscape of privacy regulations, businesses must adapt and stay compliant. Here are a few best practices for complying with GDPR.
Survey What Data You Collect
The first step toward compliance is to know what your business is collecting. Conduct a comprehensive survey of the data that you collect and store through your site.
Keep Only What You Need
Second, ask the hard questions about what personal data your business truly needs. If it’s not providing real value, dump it.
Get Permission to Keep It
Whatever you decide is essential, ask permission to keep it. That’s what the cookie notices are doing, and you need to do the same.
Data privacy regulations are complex. You might not want to go it alone. If not, we’re here to help. Contact us today!
ICS is a Texas-based 40-year-old technology company specializing in Managed IT, VoIP, Video Conferencing and Video Surveillance solutions for US and International businesses. ICS has over 4000 regional installations and specializes in multi-site businesses between 25 and 2500 employees. ICS’s customers enjoy the experience of ICS’s Total Care program which provides clients flat fee services with obsolescence and growth protection. Whether a customer elects to deploy their IT, Video Conferencing or VoIP in the cloud or on the customer’s premise, ICS can provide a full turn-key solution for our clients under one flat monthly fee.
ICS Specializes In Managed IT Services, Business Telephones, Video Conferencing & More.
Book your initial consultation with ICS using the form below.
ICS will never sell, rent, share or distribute your personal details with anyone. In addition, we will never spam you.
Get Started with a 60-Day, Risk-Free Trial with our IT Services
We offer managed IT services for large to small organizations at a flat-rate monthly fee. You can get started now with a 60-day, risk-free trial. If you’re not 100% satisfied with our services, you’re able to cancel your contract – no questions asked. ICS works hard to earn the trust of each and every business we work alongside.