These terms are very much used interchangeably and as previous respondent stated PII is a US term. Strictly speaking under US definition PII does not include for example :Aggregated statistics Internet Protocol (IP), Media Access Control (MAC) addresses, Cookie ID, Device ID. I often found that it iRead more
These terms are very much used interchangeably and as previous respondent stated PII is a US term. Strictly speaking under US definition PII does not include for example :Aggregated statistics
Internet Protocol (IP), Media Access Control (MAC) addresses, Cookie ID, Device ID. I often found that it is always good to clarify as stakeholders might only think of direct identifiers but forget the fact that data that one can maybe add via other sources means that e.g. behavioural data or a cookie by itself is also personal data.
PII v PI
Petra
These terms are very much used interchangeably and as previous respondent stated PII is a US term. Strictly speaking under US definition PII does not include for example :Aggregated statistics Internet Protocol (IP), Media Access Control (MAC) addresses, Cookie ID, Device ID. I often found that it iRead more
These terms are very much used interchangeably and as previous respondent stated PII is a US term. Strictly speaking under US definition PII does not include for example :Aggregated statistics
See lessInternet Protocol (IP), Media Access Control (MAC) addresses, Cookie ID, Device ID. I often found that it is always good to clarify as stakeholders might only think of direct identifiers but forget the fact that data that one can maybe add via other sources means that e.g. behavioural data or a cookie by itself is also personal data.
GDPR and PECR
Petra
Would agree with you, this is non compliant, but it then becomes a risk based decision for management.
Would agree with you, this is non compliant, but it then becomes a risk based decision for management.
See lessData Retention for Anonymised Data? Conflicting guidance.
Petra
Not under GDPR, but as much as possible all data should have a retention period whether personal data or not.
Not under GDPR, but as much as possible all data should have a retention period whether personal data or not.
See less