Privacy protection by anonymizing and pseudonymizing data (part 1/3)
How do you handle your customers' privacy?
We live in a data age. Driven by ambitions around "digital transformation," organizations are collecting more and more data about their customers. With this, they hope to achieve (growth) objectives.
This, often enormous, amount of data requires much more specific attention than most organizations realize. Do you know that the basic principle is to keep no more data than you need for your primary business operations?
To what extent do you consider the privacy sensitivity of your data? What measures have you taken to protect that privacy? Avoid unnecessary or unwanted processing of personal data. Remember that the functionality of your information management does not have to be lost in the process.
Privacy by design
Customer data should be used only for the purpose for which it was collected. This means that you may use billing data, for example, only for billing purposes. And therefore not for marketing other services.
In our next two articles, we offer tools for privacy protection using "privacy by design. Here, we focus on three techniques you can use to comply with the AVG legislation.
Privacy regulations: the AVG
The AVG applies to personal data. This includes not only personal data, but - under specific circumstances - also things like someone's surfing habits or call history, for example.
If data processing is going to take place with a high privacy risk, the AVG requires a data processor to conduct a Privacy Impact Assessment (PIA). This assessment is mandatory from 2018 for data processing operations with a high privacy risk. With the hefty fines in mind, it is extra important to be alert to whether this is the case with planned operations.
The AVG does not apply to data "rendered anonymous in such a way that the person to whom it relates is no longer identifiable."
In our next articles, we explain what the privacy risks may be. We outline ways to prevent and/or mitigate these risks. With these recommendations, principles such as data minimization, proportionality (I only do what I need to do) and subsidiarity (what I do I can do in another way) are monitored in a structural way within your organization.
