GDPR and Anonymization
Pushing the idea of anonymization to the forefront is the European Parliament with the new regulation – General Data Protection Regulation (GDPR). The GDPR is a four-year development to improve the existing data security and privacy regulatory framework which encompasses the protection of personal data across the European Union member states and beyond.
Although there is no avoiding the GDPR, there are ways to manage the expectations. The pivot upon which GDPR privacy stands is being able to identify an individual from their personal data, or being able to link them indirectly to this data. By preventing linking, the various requirements of the GDPR would be met. Recital 26 is the ‘hack’ that helps organizations comply with the the new EU regulation. According to the section:
“The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not, therefore, concern the processing of such anonymous information, including for statistical or research purposes.”
To achieve a more seamless adherence to the new regulation, it is best to create privacy-centric policies and procedures around sensitive data storage and sharing. Robust, risk-based anonymization protocols are an integral part of any adherence plan.
This white paper explores anonymization under the new regulation.
You might also like:
De-identification 101, your primer on protecting health information (PHI).
Big Data and Healthcare
Implications for Use and Privacy Big Data and the Internet of Things have widespread implications not only for business models…
A Certification Program for Privacy by Design
Join Ann Cavoukian and Sylvia Kingsmill as they discuss the new certification program that follows the principles of Privacy by Design in this webinar hosted by Privacy Analytics.
De-identification 201 builds on the fundamentals of health data de-identification.