European Personal Data Compared to U.S. Personal Identifiable Information under GDPR
GDPR gives EU citizens significant rights concerning how personal data is collected, processed, and transferred by data controllers and processors.
Yet, there's a difference in how the EU and U.S. view "personal data". For example, "personally identifiable information" is a term commonly used in the U.S. and includes information used to distinguish someone's identity. This broad definition has far reaching implications for all U.S. organizations to comply with the GDPR because of the increase in the scope of data with the definition of "personal data".
Determining whether GDPR applies can be analyzed by knowing if the U.S. organization has an established presence in the EU, if the U.S. organization processes personal data of data subjects in the EU by offering subjects goods or services, and if the organization processes personal data in the EU by monitoring behavior. If any apply, then U.S. organizations are compelled to comply.