Pillars to GDPR Success (3 of 5): Anonymize and Pseudonymize for Data Protection with Data Masking
The General Data Protection Regulation, or GDPR, took effect May 25, 2018, with the primary goal of protecting people’s personal data. Every organization that uses an EU citizen’s personal data is now responsible for strict data protection, which is the third pillar in our 5 Pillars for GDPR Compliance philosophy.
How can a company achieve sufficient data protection? First, they need to be able to capture the footprints of their personal data across their data landscape. Then, in order to prevent a data subject’s identity from being connected to their data, they can de-identify the related datasets without altering their structure. There are two main ways to accomplish it for GDPR compliance: anonymization and pseudonymization.
Anonymization vs. Pseudonymization
Anonymization makes data relating to an individual’s identity completely anonymous, while pseudonymization replaces identities with pseudonyms. While the purpose of both is to remove the possibility of identifying an individual by the data, they are very different solutions from one another.
The main distinction between the two is that pseudonymization can be reversed while anonymization cannot.
Which Data Protection Method for GDPR?
While GDPR requirements certainly limit the use of personal data, organizations have options (and even some flexibility) in the way they choose to achieve data protection for GDPR.
For example, if a company’s data warehouse is storing private data that doesn’t fall under GDPR compliance standards because customer didn’t give explicit consent for using their personal data in that context, the company can choose to simply mask that data.
Thanks to pseudonymization, the users of the data warehouse would be not be exposed to the data that might identify a data subject. But there’s a catch: re-identification of the data in the data warehouse would still be possible by adding external sets of information.
Anonymization is a more definitive way for achieving GDPR compliance. Anonymizing data means permanently eliminating all personal data so you don’t have to protect it with regards to data privacy.
Choosing the Right Platform for Data Protection
Talend offers Data Protection and GDPR Compliance solutions for de-identifying data and establishing “privacy by design” in a data landscape. It applies to any data that can flow into a data pipeline managed by Talend, in batch or real time, including legacy systems, enterprise application, cloud data, big data, and more.
Data masking capabilities are provided to data professionals such as information architects, data engineers or data scientists, and also to business users through Talend Data Preparation. See data masking in action within the Talend Platform in this video.
Learn More About Data Protection and GDPR Compliance
The GDPR allows each organization to choose whether anonymization or pseudonymization is best for its data protection. Pseudonymization is more flexible, but also more risky. Anonymization is more difficult, but also more secure.
To learn more about data protection for GDPR, and to watch a demonstration of how to use Talend’s products to ensure compliance, check out the 5 Pillars of GDPR Compliance webinar. To find out more about Talend’s products for GDPR, take a look at our many data solutions.
← Pillar 2 | Pillar 4 →
More related articles
- Pillars to GDPR Success (2 of 5): Data Capture and Integration
- Pillars to GDPR Success (4 of 5): Self-Service Curation and Certification
- Pillars to GDPR Success (5 of 5): Data Access and Portability
- Preparing for GDPR
- [GDPR Step 14] How to Govern the Lifecycle of Information
- Pillars to GDPR Success (1 of 5): Data Classification and Lineage
- PCI DSS: Definition, 12 Requirements, and Compliance
- [GDPR Step 15] How to Set Up Data Sharing Agreements
- [GDPR Step 16] How to Enforce Compliance with Controls
- [GDPR Step 13] How to Manage End-User Computing
- [GDPR Step 11] How to Stitch Data Lineage
- [GDPR Step 09] How to Conduct Vendor Risk Assessments
- [GDPR Step 12] How to Govern Analytical Models
- [GDPR Step 10] How to Improve Data Quality
- [GDPR Step 08] How to Conduct Data Protection Impact Assessments
- [GDPR Step 07] How to Establish Data Masking Standards
- [GDPR Step 3] How to Confirm Data Owners
- [GDPR Step 06] How to Define Acceptable Use Standards for GDPR
- [GDPR Step 2] The Importance of Creating Data Taxonomy
- [GDPR Step 4] How to Identify Critical Datasets and Critical Data Elements
- What is Data Portability?
- [GDPR Step 01] How to Develop Policies, Standards, and Controls
- What is Data Privacy?
- [GDPR Step 5] How to Establish Data Collection Standards