Step 1: Generate & Detect
Automated PII Scanning
Run the Data Dictionary generation with PII Detection Enabled. The AI will scan column names and sample values to identify sensitive data.
```text
Scanning: customers.email
match found
Scanning: users.ssn
match found
```
Step 2: Review Findings
Verification Process
Navigate to the 'Review' page and filter by 'PII Only'. Verify categories, check high confidence scores, and remove any false positives manually.
Step 3: Create PII Inventory
| Category | Tables | Compliance Impact |
|---|---|---|
| Email Addresses | customers, users, contacts | GDPR Art. 30 |
| Names | customers, users, employees | GDPR Art. 30 |
| Phone Numbers | customers, contacts | GDPR Art. 30 |
| Addresses | customers, shipping | GDPR Art. 30 |
| Financial Data | payments, transactions | PCI DSS |
| Health Data | patient_records | HIPAA |
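The scan in Step 1 (column names plus sample values, scored for confidence) and the inventory in Step 3 (categories mapped to tables and compliance impact) can be illustrated with the following added example. It is not the product's own code: the rule set, the confidence formula, the 0.7 review threshold and the sample schema are all constructed here, and the schema deliberately contains a boolean `email_opt_in` column so that the false-positive filtering of Step 2 is visible.

```python
import re
from collections import defaultdict

# Detection rules: category -> (column-name keywords, value pattern, compliance impact).
# Constructed for this example; a production scanner would carry a far larger rule set.
RULES = {
    "Email Addresses": (("email", "mail"), r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$", "GDPR Art. 30"),
    "Phone Numbers":   (("phone", "tel"),  r"^[+(]?\d[\d\s().-]{6,}\d$",       "GDPR Art. 30"),
    "National IDs":    (("ssn", "nin"),    r"^\d{3}-\d{2}-\d{4}$",             "GDPR Art. 30"),
    "Financial Data":  (("card", "pan"),   r"^\d{16}$",                        "PCI DSS"),
}

def score_column(column, samples):
    """Best (category, confidence) for a column: 0.5 for a name hit plus 0.5 x share of matching values."""
    best = (None, 0.0)
    name = column.split(".")[-1].lower()
    for category, (keywords, pattern, _) in RULES.items():
        name_hit = 0.5 if any(k in name for k in keywords) else 0.0
        matched = sum(1 for v in samples if re.match(pattern, str(v)))
        value_ratio = matched / len(samples) if samples else 0.0
        confidence = name_hit + 0.5 * value_ratio
        if confidence > best[1]:
            best = (category, round(confidence, 2))
    return best

def scan(schema, threshold=0.7):
    """Step 1 + Step 2: scan {column: [samples]} and keep only findings at or above the threshold."""
    findings = []
    for column, samples in schema.items():
        category, confidence = score_column(column, samples)
        if category and confidence >= threshold:
            findings.append((column, category, confidence))
    return findings

def build_inventory(findings):
    """Step 3: group findings into {category: (sorted tables, compliance impact)}."""
    tables = defaultdict(set)
    for column, category, _ in findings:
        tables[category].add(column.split(".")[0])
    return {c: (sorted(t), RULES[c][2]) for c, t in tables.items()}

# Constructed sample schema; email_opt_in is a name-only hit that the threshold should drop.
SAMPLE_SCHEMA = {
    "customers.email": ["ann@example.com", "bob@example.org", "c@example.net"],
    "users.email": ["dee@example.com", "eve@example.org"],
    "users.ssn": ["123-45-6789", "987-65-4321"],
    "contacts.phone": ["+1 555 010 1234", "(555) 010-9876"],
    "payments.card_number": ["4111111111111111", "5555555555554444"],
    "users.email_opt_in": ["true", "false", "true"],
}
```

Calling `build_inventory(scan(SAMPLE_SCHEMA))` yields rows in the shape of the table above, e.g. Email Addresses across `customers` and `users` with GDPR Art. 30, and Financial Data on `payments` with PCI DSS; the boolean column scores 0.5 and is excluded.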
Step 4-5: Map Activities & Rights
Processing Activities
Activity: Marketing
- PII: Email, Name
- Basis: Consent
- Retention: 2 years
- Recipients: ESP
Data Rights
- Access: Query by ID
- Erasure: Hard/Soft delete workflow
- Portability: JSON export available
Step 6: Compliance Report & Controls
Generate Report
Export the full dictionary as a PDF. The export includes the PII inventory, processing activities, and retention policies.
Implement Controls
Use findings to implement access controls, encryption (at rest/transit), and automated retention policies.
Success Criteria
- Complete PII inventory documented
- GDPR Article 30 requirements met
- Data Subject Rights procedures documented
- Compliance report ready for audit