17 / 05 / 2019
Bringing Down the House - The Risky Choice of Using In-House Anonymisation
IT PRO PORTAL - ANDRé THOMPSON, PRIVACY AND ETHICS COUNSEL AT TRūATA DISCUSSES, HOW GDPR IMPACTS DATA ANALYTICS WITHIN AN ORGANISATION
As the first anniversary of the application of the GDPR approaches, one hopes that organisations have become aware of their responsibilities as controllers of personal data.
One critical area is the difficulty of carrying out anonymisation in-house which supervisory authorities have frequently stated falls short of the high threshold for anonymisation set by the European Data Protection Board.
In large enterprises, where data-driven insights inform business strategy, data controllers will often take on the responsibility for de-identifying their customer data with the aim of using the datasets for analytics unconstrained by the requirements of GDPR and other data protection laws.
The intent to preserve privacy is admirable, however the execution is frequently inadequate and, as such, those organisations may leave themselves exposed to regulatory action, fines and perhaps most crucially, reputational damage leading to a customer base that has lost trust and faith that the company treats them as valued customers, not as products.
The key concept to appreciate is that anonymised data falls outside the scope of “personal data” as defined in the GDPR. So by anonymising customer datasets organisations can conduct analytics and not be constrained by data protection principles, such as limits on data collection, retention, purpose-based consent, the right to withdraw consent at any time and so on.
Click here to view the full article.
Click here to learn more about the Trūata Anonymization Solution and its benefits in terms of GDPR privacy compliance.