GDPR means that organisations need to keep records of all personal data, be able to prove that consent was given, show where data is going, what its being used for, and how it is being protected. And it applies to anyone processing data on EU citizens.

But what defines personal data…? And how is PII different…?

[image error]

Obviously name, address, telephone details etc. constitute personal data. However, the GDPR makes it clear that Personally Identifiable Information (PII), can also be considered perso...