Would generating and storing a card fingerprint using irreversible one-way hashing lead to a violation of GDPR compliance? We are based out of the US.<p>I'm not able to find any specific documentation that discusses user consent here. Would it be a violation of privacy from a GDPR standpoint?
What would you be using it for? You do not always need consent, e.g. if it’s necessary in order to deliver a service the fingerprint owner requested.<p>Would you be able to delete the hash if the fingerprint owner asked you to?
I considered hashing GDPR data previously in a project, and found that "one-way" hashing didn't really exist in our use case.<p>If the number of possible inputs is small enough, you can just rehash them all, and then your "one-way" hash becomes two-way.
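The rehashing point in the comment above, as an added example (not code from anyone in this thread): an unkeyed SHA-256 card fingerprint is recovered by enumerating the candidate space, while the same enumeration against an HMAC fingerprint fails without the key. It assumes the first six and last four digits are known alongside the hash; the sample card number, key handling and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SAMPLE_PAN = "4111111111111111"       # constructed sample: a widely published test number
SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held outside the fingerprint store

def luhn_ok(pan: str) -> bool:
    """Luhn checksum; removes nine in ten candidates before any hashing."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def plain_fingerprint(pan: str) -> str:
    """Unkeyed hash: anyone can recompute it for any candidate number."""
    return hashlib.sha256(pan.encode()).hexdigest()

def keyed_fingerprint(pan: str, key: bytes = SERVER_KEY) -> str:
    """HMAC-SHA-256: recomputing it requires the secret key."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()

def recover_by_rehashing(target, prefix, suffix, fingerprint_fn, length=16):
    """Rehash every candidate that fits the known digits; return the match or None."""
    missing = length - len(prefix) - len(suffix)
    for n in range(10 ** missing):
        candidate = f"{prefix}{n:0{missing}d}{suffix}"
        if luhn_ok(candidate) and fingerprint_fn(candidate) == target:
            return candidate
    return None

def demo():
    prefix, suffix = SAMPLE_PAN[:6], SAMPLE_PAN[-4:]
    # Unkeyed fingerprint: at most 10**6 candidates, so the hash is reversible.
    from_plain = recover_by_rehashing(
        plain_fingerprint(SAMPLE_PAN), prefix, suffix, plain_fingerprint)
    # Keyed fingerprint: a party without SERVER_KEY can only guess a key.
    guessed_key = bytes(32)
    from_keyed = recover_by_rehashing(
        keyed_fingerprint(SAMPLE_PAN), prefix, suffix,
        lambda pan: keyed_fingerprint(pan, guessed_key))
    return from_plain, from_keyed

if __name__ == "__main__":
    print(demo())
```

The keyed fingerprint is still linkable by whoever holds the key, so it narrows who can reverse it and does not make the value anonymous.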
This may be personal data, since payment cards are nominal, so may fall within the GDPR. But that does not mean it is a "violation" and that does not mean you should lose sleep over it.