What is PII?
PII is any data that can identify a person. This guide explains what counts as PII, direct vs. indirect identifiers, special-category data, and why it matters under GDPR and CCPA.
Plain-English explainers and technical deep dives on personal data, the right to erasure, data subject access requests, retention, and how to delete customer data across a data warehouse — and prove it.
What is PII?
PII is any data that can identify a person. This guide explains what counts as PII, direct vs. indirect identifiers, special-category data, and why it matters under GDPR and CCPA.
DSAR
A data subject access request (DSAR) lets people ask what personal data you hold about them. Learn the GDPR timelines, what you must provide, and how to answer without missing hidden copies.
Data retention
GDPR storage limitation means you cannot keep personal data forever. Learn how to set retention periods, build defensible deletion schedules, and prove data was removed on time.
Pseudonymization vs. anonymization
Anonymized data falls outside GDPR; pseudonymized data does not. Learn the legal and technical difference — and why encryption and crypto-shredding are pseudonymization, not anonymization.
Ghost data
Ghost data is personal data that landed in your warehouse without being registered or governed. Learn how it accumulates, why it is an audit risk, and how to detect it before a regulator does.
Delete PII in BigQuery
BigQuery DML deletes are slow, leave copies in time travel and downstream tables, and produce no evidence. Learn a crypto-shredding approach that deletes and proves erasure in one call.
CCPA vs. GDPR
Both laws give consumers a right to delete personal data, but the scope, exceptions, and proof burden differ. A side-by-side guide for data and compliance teams.
Crypto-shredding
Crypto-shredding destroys the encryption key so every row that referenced it becomes unreadable instantly — no row scans, no missed copies, no race conditions with downstream caches.
GDPR right to erasure
Article 17 requires complete, verifiable deletion of personal data on request. This guide explains what auditors actually check, what counts as evidence, and how to produce a proof record that survives a regulator review.