PII Protection Guide
Dutch PII & GDPR compliance for developers.
What is PII?
Personally Identifiable Information (PII) includes any data that can identify a person: names, emails, phone numbers, addresses, BSN (Dutch social security number), credit card numbers, and more.
GDPR / AVG Requirements
- Data minimization: Only collect what you need
- Purpose limitation: Use data only for its stated purpose
- Storage limitation: Delete data when no longer needed
- Security: Protect data with appropriate measures (row-level security, encryption)
- Consent: Get explicit consent before processing
Dutch-specific rules
BSN (Burgerservicenummer)
The BSN is highly sensitive. You may only process BSN if you have a legal basis (e.g., tax, healthcare). Never store BSN in plain text — always encrypt at rest.
What Aphido detects
Aphido scans your app's API responses for PII patterns:
- Email addresses
- Phone numbers (NL and international)
- BSN (9-digit Dutch social security number)
- Credit card numbers
- IBAN numbers
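As an added illustration (not Aphido's own code), the following Python scanner shows how three of the patterns above can be detected in an API response body while keeping false positives down: it applies the standard BSN 11-test (elfproef) so that an arbitrary 9-digit value such as an order id is not reported, and the ISO 13616 mod-97 check for IBANs. The sample response, the regexes and the function names are constructed for this example.

```python
import json
import re

# Constructed sample API response (synthetic data, not real people).
# 111222333 and NL91 ABNA 0417 1643 00 are well-known test values that
# pass their checksums; 123456789 is nine digits but fails the BSN 11-test.
SAMPLE_RESPONSE = json.dumps({
    "customer": {"email": "test.user@example.com", "bsn": "111222333",
                 "iban": "NL91 ABNA 0417 1643 00", "order_id": "123456789"}
})

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
NINE_DIGITS_RE = re.compile(r"(?<!\d)\d{9}(?!\d)")
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}(?:\s?[A-Z0-9]{1,4})?\b")


def is_valid_bsn(digits: str) -> bool:
    """BSN 11-test: digits weighted 9..2 and the last digit weighted -1 must sum to a multiple of 11."""
    if len(digits) != 9 or not digits.isdigit():
        return False
    weights = [9, 8, 7, 6, 5, 4, 3, 2, -1]
    return sum(w * int(d) for w, d in zip(weights, digits)) % 11 == 0


def is_valid_iban(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end, map letters to numbers."""
    s = iban.replace(" ", "").upper()
    if not 15 <= len(s) <= 34 or not s.isalnum():
        return False
    rotated = s[4:] + s[:4]
    numeric = "".join(str(int(c, 36)) for c in rotated)  # A=10 ... Z=35
    return int(numeric) % 97 == 1


def scan_response(body: str) -> list[tuple[str, str]]:
    """Return (pii_type, value) findings for PII exposed in a response body."""
    findings = [("email", m) for m in EMAIL_RE.findall(body)]
    # Only nine-digit runs that pass the 11-test are reported as BSN.
    findings += [("bsn", m) for m in NINE_DIGITS_RE.findall(body) if is_valid_bsn(m)]
    findings += [("iban", m) for m in IBAN_RE.findall(body) if is_valid_iban(m)]
    return findings


if __name__ == "__main__":
    for pii_type, value in scan_response(SAMPLE_RESPONSE):
        print(f"exposed {pii_type}: {value}")
```

In a real deployment the findings would be redacted before logging; the scan result is what tells you which endpoint is leaking, not the value itself.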
Scan your app with Aphido to detect exposed PII in your app's API responses.