GDPR and Anonymization

Pushing the idea of anonymization to the forefront is the European Parliament with the new regulation – General Data Protection Regulation (GDPR). The GDPR is a four-year development to improve the existing data security and privacy regulatory framework which encompasses the protection of personal data across the European Union member states and beyond.

Although there is no avoiding the GDPR, there are ways to manage the expectations. The pivot upon which GDPR privacy stands is being able to identify an individual from their personal data, or being able to link them indirectly to this data. By preventing linking, the various requirements of the GDPR would be met. Recital 26  is the ‘hack’ that helps organizations comply with the the new EU regulation. According to the section:

“The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not, therefore, concern the processing of such anonymous information, including for statistical or research purposes.”

To achieve a more seamless adherence to the new regulation, it is best to create privacy-centric policies and procedures around sensitive data storage and sharing. Robust, risk-based anonymization protocols are an integral part of any adherence plan.

This white paper explores anonymization under the new regulation.

Free Webinar: De-Identification 101

Join Privacy Analytics for a high level introduction of de-identification and data masking.
Watch now

Free Download: De-Id 101

You have Successfully Subscribed!