A key concept of many privacy laws is the definition of “personal data”, “personal information” or “personally identifiable information”. If it’s not “personal data”, you are likely outside of the scope of data protection laws, however that is a line in the sand which is constantly moving – in this article David Fraser of McInnes Cooper in Canada examines what that constantly shifting line means for privacy, and the individual.
Can companies achieve true data anonymization to avoid weaker pseudonymization techniques and lessen the constraints of data privacy laws like the GDPR?
Data that is properly anonymised does not fall under the GDPR but anonymization brings about challenges for data analysis. What are the approaches viable for use in a commercial setting?
Classic anonymization is difficult to achieve and often does not provide good results. Comparatively, modern technologies like Diffix offer the best of both worlds, giving you data treasure and data protection.
Most organisations are hungry for the insights and business value to be gleaned from their customer data but wary of falling foul of GDPR. It’s a privacy minefield that many businesses will have to navigate in 2019 and beyond.