Basic Privacy Protection 101.
Chapter 1.
Never, ever store the personal data in the same place as the person’s name.
Store the data using a numeric ID tag,and the actual name in another database, heavily encrypted, that links the name to the ID tag. The two files are not in the same database, not even in the same place (server farm). It takes two different access methods to connect the data to the name, and can only be done on the destination computer.
I work for a quasi-government organisation. In Scotland. Guess who owns the servers all our data is kept on?
Microsoft, Google and Amazon have the Bogart on server infrastructure. Basically the whole world runs off one of the three. Including a lot of governments. It was never a good idea, it was easy and convenient though. So that’s why it’s the way it is.