We all have access to the ICO website and the mountain of advice, courses, webinars and so on that are available on the topic; however, despite our best efforts it can be difficult to fully understand what it all means or requires. Until legal cases are brought and concluded, it is difficult to see how anyone can definitively state exactly what GDPR compliance requires.
The purpose of this article is explicitly NOT to provide legal advice, but to provide some specific information together with useful links to further resources.
A website has the potential to collect special category data (what is often loosely called PII, Personally Identifiable Information; note that the GDPR itself does not use the term PII but speaks of "personal data", which is broader), but that is not to say that every website does so. This website does not do that, and it is quite likely that yours does not either.
Special category data is personal data which the GDPR says is more sensitive, and so needs more protection. It is the more detailed and sensitive kind of data, as shown here:
If you do collect such data, you will be required, as mentioned earlier, to provide any website user, on request, with a copy of the personal data you hold about them (the right of access; note that this right applies to all personal data you hold, not only to special category data). It therefore makes sense not to collect personally identifiable information from your users unless you genuinely need it.
As explained at the beginning of this article, the purpose has NOT been to provide legal advice. The text is purposely brief and comprises several useful links to specific relevant information. Nonetheless, others have a better understanding of GDPR requirements, so further research is advisable.
This article is also a snapshot in time: our understanding of the regulations will develop and be informed by events, at which point we will review and update it.