Privacy-enhancing technologies (PETs) have emerged in recent years to enable companies to perform analysis on their data without falling foul of increasingly strict data protection regulations. However, it is very rare to see examples where the privacy risk is measured before and after application of PETs to demonstrate whether privacy risk has been reduced and enable data controllers to make more effective decisions.

We will describe how failing to objectively measure the privacy risk that exists or remains in a data set may leave companies exposed to regulator scrutiny, fines and sanctions.