15 / 02 / 2019
How to Navigate the GDPR Privacy Minefield in 2019
CPO MAGAZINE - DR. MAURICE COYLE, CHIEF DATA SCIENTIST AT TRūATA, EXPLAINS BOTH THE NECESSITY AND BENEFITS OF OUTSOURCING ANONYMIZATION TO AN INDEPENDENT THIRD PARTY IN A POST GDPR WORLD.
Most organisations want to be responsible and ethical and respect the privacy of their customers but they are unsure how to go about it. At the same time, they are hungry for the insights and business value to be gleaned from their customer data but wary of falling foul of GDPR. It’s a minefield that many businesses will have to navigate in 2019 and beyond.
Avoid the consent trap
One of the most important things a data-driven company can do to ensure it is respecting its customers’ privacy when analyzing data is to avoid the trap of thinking that getting customer consent is a panacea. It’s not. As seen in recently announced fines under GDPR – likely among the first of many – valid consent is tricky to obtain. Easily accessible, specific, and unambiguous opt-in consent must be obtained for every purpose, meaning that blanket consents “for analytics” are not sufficient to allow companies to analyse their customer data for any given purpose. Rather than relying on consent for analysis involving personal data, it would be better that companies not use personal data at all – especially if the real value can be obtained by using anonymized data instead.
In-house vs independent focus
Data can be considered anonymized from a data protection perspective when data subjects are not identifiable, having regard to all methods reasonably likely to be used by the data controller or any other person to identify the data subject. However, if the original source data is retained for some other purpose (fraud detection, etc), then the anonymized data is still considered personal data since it is possible for it to be linked with the original data for re-identification purposes.
Click here to view the full article.
Click here to learn more about the Trūata Anonymization Solution and its benefits in terms of GDPR privacy compliance.