Article | REF: H5537 V1

Data anonymization, an urgency in the GDPR era

Author: Louis-Philippe SONDECK

Publication date: November 10, 2019

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!


Overview

Français

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHOR

  • Louis-Philippe SONDECK: Data anonymization consultant, Doctorate in Computer Science from Pierre et Marie Curie University - Independent consultant, Bagneux, France.

 INTRODUCTION

The new Data Protection Regulation (RGPD) brings profound and unprecedented changes to the way organizations manage data. There is virtually no comparable piece of legislation, both in terms of scope and penalties. The RGPD concerns all forms of organization (large or small companies, public or private, associations...), wherever they may be in the world, as long as they process personal data of European residents. Penalties for non-compliance can range up to €20 million or 4% of the worldwide turnover of the company concerned (whichever is higher).

Beyond the financial penalties, the RGPD presents other considerable stakes as it very precisely frames personal data, known to be the oil of our era. It's obviously hard to deny the central place that data occupies in value creation; this, both for the development of new services, and for the improvement of existing ones. The RGPD thus applies to all processing of personal data (collection, recording, organization, storage...), and can, in certain cases, prohibit their implementation, and even impose the deletion of collected data. For example, one of the principles of the RGPD is the retention period limitation, which prohibits the retention of data beyond a certain duration; they will then have to be deleted or archived with restricted access.

In order to avoid the constraints of the RGPD without depriving oneself of the benefits of data, the only alternative provided by the regulation is data anonymization. Indeed, for the RGPD, anonymized data is equivalent to deleted data, and the principles of the RGPD no longer apply. This is because anonymization transforms personal data into data that is no longer personal.

However, implementing anonymization requires special precautions, due to the significant risks involved. Unfortunately, anonymization is still the subject of a great deal of confusion and preconceived ideas on the part of many data stakeholders. Among the most notable confusions are the use of pseudonymization (e.g., "data masking") in place of anonymization, and confusion between anonymization and encryption. Indeed, history records numerous cases of poor anonymization, using pseudonymized data instead of anonymous data, which led to serious breaches of privacy. Examples include the pseudonymized data of New York cabs, which made it possible to identify strip bar customers; or the case of health data published by an insurance agency in the USA, which in 1997 made it possible to re-identify the governor of the state of Massachussetts, by tracking down the illness from which he was suffering. These risks led the G29 (Group of European Data Protection Authorities) to publish an opinion on anonymization techniques in 2014

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!


The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors
+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year
From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

This article is included in

Security of information systems

This offer includes:

Knowledge Base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

Practical Path

Operational and didactic, to guarantee the acquisition of transversal skills

Doc & Quiz

Interactive articles with quizzes, for constructive reading

Subscribe now!

Ongoing reading
Data anonymization, a necessity in the RGPD era
Outline