Personal data, PII… At first glance, both terms sound pretty similar. However, they are not exactly the same thing. Our cheat sheet will help you wrap your head around the similarities and differences between them.
Many organizations are now starting their journey towards GDPR compliance. Or at least they should be, considering that the new regulation comes into force in May 2018. One of the very first steps in this quest would be evaluating the types of information they process.
If you’d like to learn more about GDPR and the ways it will affect the digital world, we recommend these blog posts:
– What Everybody Ought to Know About GDPR and Web Analytics – Free Webinar to Download
– How ePrivacy Impacts Marketing Automation, Re-marketing, Personalization and Web Analytics
– [Infographic] How to Collect and Process Data Under GDPR?
– [Infographic] GDPR Data Subject Rights – What You Need to Know
– How Will GDPR Affect Your Web Analytics Tracking?
This is where the concepts of personal data and personally identifiable information come into play. The definitions of the terms seem quite similar, but we must warn you – they are not the same thing. This is how they differ:
Firstly, the term “personally identifiable information” does not appear in the GDPR, but has its own meaning in US law. So it’s not exactly the term you should pay attention to when adjusting your data processing to the demands of the new EU law.
Secondly, personal data, in the context of GDPR, covers a much wider range of information, including IP addresses and even device IDs. In other words, while all PII is considered personal data, not all personal data is PII.
We are aware, however, that such topics are the easiest to understand when presented in a clear, readable form. That’s why we decided to prepare this useful cheat sheet, which will help you systematize knowledge in the field of PII and personal data.
You can download it here:
Free Cheat Sheet: PII, Personal Data or Both?
You may also be interested in other relevant content concerning PII and personal data. Below is a list of helpful publications from our blog that cover the topic of both types of data. We hope you’ll find them helpful:
In this article we talk a lot about the main differences between PII and personal data. We also quote the most important legal provisions related to each type of data – including definitions provided by the National Institute of Standards and Technology (NIST), the Federal Trade Commission (FTC), the General Data Protection Regulation and the Article 29 Data Protection Working Party.
This blog post contains not only definitions of both terms, but also a Slideshare presentation titled “Web Analytics and Privacy. How to Mitigate Risk in the Age of Evolving Privacy Legislation”. If you’d like to learn more about web analytics and privacy, we recommend that you check it out. Enjoy!
Is pseudonymization a good way to work around GDPR and the demand for user consent? We must warn you – it’s not. More specifically, Recital 30 says that “the explicit introduction of ‘pseudonymisation’ in this Regulation is not intended to preclude any other measures of data protection”. You’ll learn more about it from this article.
Remember – if you still have some questions regarding PII, personal data or GDPR – reach out to us! Our team will be happy to help!