Hacker News new | past | comments | ask | show | jobs | submit login

GDPR doesn't apply only to storage, though? Maybe I'm confusing it with the previous data protection directive but I'm pretty sure the new GDPR also defines PII processing to include things like transmitting and operating on it.

But if there is some source (e.g. case law, data protection authority) that confirms that you can process two pieces of data and keep one as non-PII if you promise not to connect them in storage or forward them to another place in an identifiable manner, that would be interesting.




> But if there is some source (e.g. case law, data protection authority) that confirms that you can process two pieces of data and keep one as non-PII if you promise not to connect them in storage or forward them to another place in an identifiable manner, that would be interesting.

It would be impossible to follow the GDPR otherwise, all data would implicitly be PII, since all data is associated with an IP address and GDPR defines IP as PII.

> GDPR doesn't apply only to storage, though?

This doesn't matter, because you can always collect data for business critical purposes, which fraud protection reasonably is.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: