Perfect opportunity to clear up a common misconception:
PII is more or less an American term. In the context of European legislation such as the GDPR, there is no such thing as "PII".
Within Europe and within the context of the GDPR, you do however talk about "Personal Data".
Personal Data and PII are both about data that can identify a person, but Personal Data (Europe) is much broader than PII (US) from a regulatory perspective.
This was a pet peeve of the best GDPR lawyer I ever worked with, and now it's a pet peeve of mine as well. :-)
PII is more or less an American term. In the context of European legislation such as the GDPR, there is no such thing as "PII".
Within Europe and within the context of the GDPR, you do however talk about "Personal Data".
Personal Data and PII are both about data that can identify a person, but Personal Data (Europe) is much broader than PII (US) from a regulatory perspective.
This was a pet peeve of the best GDPR lawyer I ever worked with, and now it's a pet peeve of mine as well. :-)