The basic issue is you need to ensure that only authorized people access sensitive personal information. This issue gets difficult if your auditor wants to know which applications use sensitive data, and which users have access to it. Data discovery tools can locate PII in both databases and unstructured storage locations. Database activity monitoring systems, which record access, come in. They can show which users accessed data they should not have. Label-based protection for database columns, dynamic content redaction, or tokenization.”]
Source: https://www.darkreading.com/database-security/pii-and-entitlement-management