| title |
|---|
Documentation of all PII gathered |
Documenting all Personally Identifiable Information (PII) that your application gathers is crucial for GDPR compliance and helps in maintaining transparency with users.
- Identify All PII Collected: Conduct a thorough inventory of all PII collected by your application. Identify all sources of PII, including user inputs, third-party integrations, and any backend processes that generate or collect data. Categorise the types of PII collected, including: Personal Information, Sensitive Information, Usage Data.
- Purpose of Data Collection: Document the specific purposes for which each type of PII is collected. Ensure that the purposes are clearly defined and limited to what is necessary for the functionality of the application.
- Data Flow Diagrams: Create data flow diagrams to visually represent how PII moves through your application.
- Data Storage and Retention: Document where each type of PII is stored, including databases, cloud storage, local storage on devices, and third-party services.
- Data Protection Measures: Document the encryption methods used to protect PII both in transit and at rest. Document all third-party services that receive or process PII from your application.
What is a PII? Read more here: https://gdpr.eu/eu-gdpr-personal-data/
Some examples of personal data:
- Name and surname
- Email address (also applies for business emails that have name or surname in the address)
- Phone number
- Home address
- Date of birth
- Race
- Gender
- Political opinions
- Credit card numbers
- Data held by a hospital or doctor
- Photograph where an individual is identifiable
- Identification card number
- A cookie ID
- IP address
- Location data
- The advertising identifier of a phone.