![\"Risks](\"https:\/\/web.archive.org\/web\/20211124011124im_\/https:\/\/cmotions.nl\/wp-content\/uploads\/2021\/11\/Risicos-als-gevolg-van-dataverwerking-tabel-deel3.png\")
<\/p>\nOnce you have identified what sensitive information your organization has, you can take measures to address it. In this final article of our series, we will introduce you to a number of possibilities to reduce risks and thus protect customer privacy. If necessary, please read our previous articles first.<\/p>\n
Read Part 1: AVG on customer privacy ><\/p>\n
Read Part 2: Identifying traceable data ><\/p>\n
While processing personal data, potential risks to data subjects must be identified. Appropriate measures help to prevent or reduce the risks. A data subject in this context means a person about whom data is collected and processed.<\/p>\n
The table below provides an example for the nature and extent of potential risks to stakeholders:<\/p>\n
<\/p>\n
The occurrence of the listed risks can lead to considerable consequences, such as reputational damage, enforcement by regulators or recovery of damages.<\/p>\n
So what practical solutions are available to protect your client's privacy while also taking into account the interests of a data controller (such as a data analyst)? For example, for a data analyst, there are several methods available that allow processing of data while maintaining privacy. In this article, we specifically mention:<\/p>\n
Generalizing<\/strong> assures you that combinations of (indirect) personal data are not identifying. Letters in the zip code may be omitted. Or, only the month or year of birth are included in the edit instead of the full date. Original data remain (partially) visible, which makes generalization different from pseudonymization.<\/p>\n Pseudonymizing<\/strong> is a procedure that replaces identifying data with an algorithm. Available algorithms can always calculate the same pseudonym for a person, allowing information coming from different sources to be combined. This is how pseudonymization differs from anonymization. With anonymization, linking information from different sources by person is no longer possible. With (reversible) pseudonymization it is therefore possible to trace data back to a person. Reversal is subject to very strict technical and organizational requirements. The consent of several parties is also required.<\/p>\n Anonymization<\/strong> is irreversible. After application, data are no longer traceable to individuals. Anonymization is used when personal data are no longer needed for the original purpose for which they were collected (for example, communication). However, analysis is possible, for example in the context of research. Examples of anonymization are assigning a random new ID, removing columns or aggregating columns.<\/p>\n Do you need advice on applying risk avoidance measures? Then contact us. We will help you evaluate the risks and apply functional and\/or technical measures where necessary to support your data analysis ambitions. Want to know more? Check out cmotions.nl\/data-governance.<\/p>\n Contact<\/strong><\/em><\/p>\n Want to know more about this topic? Then contact Jeroen Groothedde or Michaela Legerstee using the contact information below.<\/p>\n Michaela Legerstee, Senior Consultant<\/p>\n +31 6 31 00 52 81<\/p>\n m.legerstee@cmotions.com +31 6 22 88 89 98<\/p>\n j.groothedde@cmotions.com<\/p>","protected":false},"excerpt":{"rendered":" Privacy protection by anonymizing and pseudonymizing data (part 3\/3) Once you have identified what sensitive information your organization has, you can take measures to address it. In this final article of our series, we introduce you to a number of ways to mitigate risks and thus protect customer privacy [...]<\/p>","protected":false},"author":2,"featured_media":9748,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[51,58,56],"tags":[],"class_list":["post-5897","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-artikel","category-data-governance-nl","category-gdpr-ethiek-nl"],"_links":{"self":[{"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/posts\/5897","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/comments?post=5897"}],"version-history":[{"count":1,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/posts\/5897\/revisions"}],"predecessor-version":[{"id":9711,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/posts\/5897\/revisions\/9711"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/media\/9748"}],"wp:attachment":[{"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/media?parent=5897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/categories?post=5897"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cmotions.com\/en\/wp-json\/wp\/v2\/tags?post=5897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\nEach record is assigned a random new ID, this can be as simple as a row number. Potentially identifying data is removed from the table.<\/li>\n
\n<\/span>This method simply removes columns of potentially identifying data from the table.<\/li>\n
\nThe data is aggregated by day or by month, resulting in the loss of person-level data. For example, consider a count of the number of new customers per day.<\/li>\n<\/ul>\nNeed advice?<\/h3>\n
\nJeroen Groothedde, Senior Consultant<\/p>\n