Sounds interesting and plenty of scope to deliver where others have failed here – they may want to drop the US term ‘PII’ as this has a different definition to ‘Personal Data’ as prescribed under GDPR & DPA 2018.