Initials PII – Personal Information Identification in GDPR


The entire General Data Protection Regulation (GDPR) revolves around the protection of personal data, how personal data can be used and so forth. In this article, we will go over the identification of personal information in GDPR.


As explained in the White Paper “5 steps to minimize GDPR efforts” - which you can download on our page "GDPR can be implemented in one month" -  the traditional approach of tackling the GDPR challenge requires huge efforts from internal people as well as external guidance involving interviews with all people concerned:

  • Identification of types of Personal Data handled by your organization
  • Where they are stored and how they are processed
  • How security is handled
  • And thus where the GDPR compliance risks lie.

Before starting a GDPR implementation initiative, you should know:

  • About WHOM you have GDPR-sensitive information
  • WHAT type of information it is
  • And WHERE it is located in your organization.

Over 80% of GDPR-sensitive information resides in unstructured textual information hidden in documents and e-mails, and in text fields in structured databases. You can read more on this subject in our article: "80% of GDPR sensitive information is NOT in databases"


We, at Knowliah, offer an automated assessment that requires NO extra effort from your staff. With the results, you can make sound decisions on what to implement where.

In a set-up phase, our intelligent software offers automatic detection of Data Subjects and related Personal Data on file servers, by means of standard available connectors for each information object (document, e-mail).

If required, extra (basic) connectors can be implemented to also process other systems like e-mail server, MS SharePoint, DMS, ERP, CRM, or custom applications/systems.


The result is a report containing linked elements:

  • Data Subject
  • Type of Personal Data
  • Location where the information resides.

The one-time usage of the software is linked to:

  • EITHER the number of employees in the organisation as an indication of volume (file, e-mail, record) processed
  • OR the number of items (files, e-mail, records) processed.

The benefits of such an automated approach are clear:

  • Thanks to the Knowliah GDPR content report, you know ALL your Data Subjects, ALL your types of Personal Data, and where they are stored in your digital systems. With this knowledge, you can make the right decisions on how and where you need to take actions in the Process – Govern – Protect – Audit domains.
  • There is no need for interviews anymore. Only your paper-handling processes require a short review and identification.
  • Knowliah provides a real view of your content in the processed sources. You do not depend on people ‘remembering’ what is or might be present as Personal Data or where names of Data Subjects appear in texts.

Want to learn more?

You can find information on the implementation guidelines of the GDPR, like processing principles, security measures, preparations, operations and much more on our GDPR implementation page.
Do not hesitate to contact us to get answers to your question and see what we can do for you. 


Discover Knowliah in action

Schedule a custom demo. We will show you a customized version of the application, fitted to your specific needs, at your convenience.

Request a demo


Share this insight