HACKER Q&A
📣 thala

Would storing an irreversible card fingerprint violate GDPR compliance?


Would generating and storing a card fingerprint using irreversible one-way hashing lead to a violation of GDPR compliance? We are based out of the US.

I'm not able to find any specific documentation that discusses user consent here. Would it be a violation of privacy from a GDPR standpoint?


  👤 dave4420 Accepted Answer ✓
What would you be using it for? You do not always need consent, e.g. if it’s necessary in order to deliver a service the fingerprint owner requested.

Would you be able to delete the hash if the fingerprint owner asked you to?


👤 mrkeen
I considered hashing GDPR data previously in a project, and found that "one-way" hashing didn't really exist in our use case.

If the number of possible inputs is small enough, you can just rehash them all, and then your "one-way" hash becomes two-way.
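
The rehashing point in the comment above, as an added example that is not part of the original thread. It assumes the fingerprint sits next to the card's first 8 and last 4 digits, uses the public test number 4111111111111111 as constructed sample data, and all function names and keys are hypothetical; it goes beyond the comment by also showing a keyed HMAC fingerprint, which the same search cannot match without the key.

```python
import hashlib
import hmac


def plain_fingerprint(pan: str) -> str:
    """Unkeyed fingerprint: SHA-256 over the card number."""
    return hashlib.sha256(pan.encode()).hexdigest()


def keyed_fingerprint(pan: str, key: bytes) -> str:
    """Keyed fingerprint: HMAC-SHA-256 under a secret kept apart from the data."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def candidates(prefix: str, last4: str, length: int = 16):
    """Yield every card number consistent with the digits stored in the clear."""
    gap = length - len(prefix) - len(last4)
    for n in range(10 ** gap):
        middle = f"{n:0{gap}d}" if gap else ""
        yield prefix + middle + last4


def rehash_search(target: str, prefix: str, last4: str, fingerprint) -> list:
    """Rehash the whole candidate space and return the inputs that match."""
    return [pan for pan in candidates(prefix, last4)
            if hmac.compare_digest(fingerprint(pan), target)]


if __name__ == "__main__":
    pan = "4111111111111111"            # constructed sample: public test number
    prefix, last4 = pan[:8], pan[-4:]   # assumed to be stored beside the hash
    server_key = b"constructed-demo-key"  # hypothetical secret

    # Only 10**4 candidates remain, so the unkeyed hash maps back to one input.
    print(rehash_search(plain_fingerprint(pan), prefix, last4, plain_fingerprint))

    # Same search against the keyed value, by someone who lacks the key.
    stored = keyed_fingerprint(pan, server_key)
    print(rehash_search(stored, prefix, last4, plain_fingerprint))
    print(rehash_search(stored, prefix, last4,
                        lambda p: keyed_fingerprint(p, b"wrong-guess")))

    # Whoever holds the key can still rehash every candidate and match it.
    print(rehash_search(stored, prefix, last4,
                        lambda p: keyed_fingerprint(p, server_key)))
```

The keyed variant only moves the problem to key custody: the last call shows the value is still linkable to the card by anyone holding the key.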


👤 mytailorisrich
This may be personal data, since payment cards are nominal, so may fall within the GDPR. But that does not mean it is a "violation" and that does not mean you should lose sleep over it.