The GDPR explained, Part 1: PII is not a Pokemon!
What is the first thing that comes to your head when you see “pii”? “Pii-Pikachu!”, say anime-lovers. “Personally identifiable information”, argue Data Security Officers. How come these two notions share the same abbreviation when they are so different? Or are they? Let’s find out.
Pikachu was designed in 1996 and since then this little Pokemon has become a household name. Pikachu is considered to be the Japanese Mickey Mouse, people dress up as Pikachu for parties and celebrations, it is a mascot of many Japanese sports teams, and has appeared in many TV-shows, animation films, video games, books, etc. Even if you are not an anime- of video games fan, we bet you have heard about Pikachu.
PII became prevalent as the Internet and information technology advanced. The rising number of data breaches has led to the fact that more and more consumers are concerned about data protection and want to know how their data are stored and processed. As a result, PII has become a critical component of data protection regulations, such as the GDPR (DSGVO) and CCPA.
Not many people know that the name Pikachu can actually be translated into English. In Japanese “Pika” means “electric-cracking” and “Chu” stands for “mice”, therefore Pikachu can be translated as an “Electric-cracking mouse”, and “pii” is the sound it makes.
PII stands for Personally Identifiable Information. It is any information that can be used to identify an individual (name, address, passport number, etc). It is very important for any company to organize and classify the PII they store and handle and ensure the right level of protection. If you handle personal data, make sure you get users’ consent, anonymize data and be prepared to erase all the information upon a user’s request. Not only will it help you stay compliant, but it will also guide your incident response in the case of a breach.
Pikachu is an electric rat. Its superpower is electricity and it uses electric shocks to damage enemies.
PII also has a superpower – it allows identifying individuals either directly, using identifiers (passport data, name and surname, etc) or indirectly using quasi-identifiers combined together. However, if you fail to protect PII, the shock is as great and the damage is as devastating. And while Pikachu recharges sleeping, PII requires attention 24/7.
Pikachu is pretty small – only 1 foot 4 inches (40.64cm) tall, and weighs 13 pounds (5.9kg). PII, on the other hand, weighs heavy on your chest. Failure to ensure the right level of PII protection may result in exorbitant fines and irreparable damage to business reputation.
Pikachu is not only a warrior, but also Ash’s best friend, and we frequently see him leaning on Ash’s shoulder.
If done right, PII can be your friend, too, and may really benefit your business. If you process PII in a privacy-friendly manner, it is bound to bring your company tangible advantages: increase trust, enhance your company’s reputation, and attract new customers.
Still not sure how you can ensure data privacy in your company? Feel free to reach out and we’ll show you how to use our GDPR and Security for Jira and Confluence to become GDPR-compliant in a swift and easy way. Start your free trial now and handle announcements, get consent, anonymize personal user data, set up rules for automation, access statistics, and more – everything you need to cover your back.
For more information on GDPR compliance, check out more articles in this series:
- 4 easy questions to check if you are fully GDPR compliant
- Be GDPR compliant, Part 1: everything you need to know about getting consent in Jira and Confluence
- New model of calculating GDPR fines is to increase possible penalties
- Be GDPR compliant, Part 2: ensure the right to erasure, find and anonymize PII in Jira
- 7 popular myths about GDPR