Can a user login credentials and/or secret questions be considered PII under EU regulations?

Can a user login credentials and/or secret questions be considered PII under EU regulations?

European Union is one of the most regulated places on how to deal with Personally Identifiable Information.

I was going to answer this question by saying that he had to hash the user password because ...