Pillars to GDPR Success (3 of 5): Anonymize and Pseudonymize for Data Protection with Data Masking

The General Data Protection Regulation, or GDPR, took effect May 25, 2018, with the primary goal of protecting people’s personal data. Every organization that uses an EU citizen’s personal data is now responsible for strict data protection, which is the third pillar in our 5 Pillars for GDPR Compliance philosophy.

How can a company achieve sufficient data protection? First, they need to be able to capture the footprints of their personal data across their data landscape. Then, in order to prevent a data subject’s identity from being connected to their data, they can de-identify the related datasets without altering their structure. There are two main ways to accomplish it for GDPR compliance: anonymization and pseudonymization.

Anonymization vs. Pseudonymization

Anonymization makes data relating to an individual’s identity completely anonymous, while pseudonymization replaces identities with pseudonyms. While the purpose of both is to remove the possibility of identifying an individual by the data, they are very different solutions from one another.

The main distinction between the two is that pseudonymization can be reversed while anonymization cannot.

Which Data Protection Method for GDPR?

While GDPR requirements certainly limit the use of personal data, organizations have options (and even some flexibility) in the way they choose to achieve data protection for GDPR.

For example, if a company’s data warehouse is storing private data that doesn’t fall under GDPR compliance standards because customer didn’t give explicit consent for using their personal data in that context, the company can choose to simply mask that data.

Thanks to pseudonymization, the users of the data warehouse would be not be exposed to the data that might identify a data subject. But there’s a catch: re-identification of the data in the data warehouse would still be possible by adding external sets of information.

Anonymization is a more definitive way for achieving GDPR compliance. Anonymizing data means permanently eliminating all personal data so you don’t have to protect it with regards to data privacy.

Choosing the Right Platform for Data Protection

Talend offers Data Protection and GDPR Compliance solutions for de-identifying data and establishing “privacy by design” in a data landscape. It applies to any data that can flow into a data pipeline managed by Talend, in batch or real time, including legacy systems, enterprise application, cloud data, big data, and more.

Data masking capabilities are provided to data professionals such as information architects, data engineers or data scientists, and also to business users through Talend Data Preparation. See data masking in action within the Talend Platform in this video.

Learn More About Data Protection and GDPR Compliance

The GDPR allows each organization to choose whether anonymization or pseudonymization is best for its data protection. Pseudonymization is more flexible, but also more risky. Anonymization is more difficult, but also more secure.

To learn more about data protection for GDPR, and to watch a demonstration of how to use Talend’s products to ensure compliance, check out the 5 Pillars of GDPR Compliance webinar. To find out more about Talend’s products for GDPR, take a look at our many data solutions.

← Pillar 2 | Pillar 4 →

Ready to get started with Talend?