What is personally identifiable information (PII)? How to protect it under GDPR

Personally identifiable information (PII) is any data that can be used to identify a specific individual. Social Security numbers, mailing or email addresses, and phone numbers have traditionally been considered PII, but technology has expanded the scope of PII considerably. It can now include an IP address, login IDs, social media posts, digital images, and even geolocation, biometric, and behavioral data.

This broad definition of PII creates security and privacy challenges, especially when specific and stringent safeguards for it are spelled out in regulations such as the European Union's (EU's) General Data Protection Regulation (GDPR). The GDPR goes into full effect on May 25, 2018, and it applies to any company, worldwide, that processes or stores the personal data of EU residents. The new rules grant people more rights over how companies handle their PII, and they impose heavy fines for non-compliance and data breaches, up to 4 percent of a company's yearly revenue. The GDPR also requires that companies report data breaches within a 72-hour window. (See "General Data Protection Regulation (GDPR) requirements, deadlines and facts" for more specifics on the regulation.)

Read more about what personally identifiable information is, and how you can protect it under GDPR, on CSO.
