CNBC Interview on GDPR Requirements for legal analytics

WATCH 2 MINUTE VIDEO
 

BENEFITS

BigPrivacy Reconciles Data Protection and Use to Maximize Value

Anonos_BigPrivacy_Benefits_Icon_Data_In_Use.png

UsING DATA

BigPrivacy supports real-time, selective access controls (i) at a fine-grained data element level versus only at the user level and (ii) at generalized, non-identifying data levels in addition to identifying levels. Separating the information value of data from identifying attributes, all while retaining the ability to support authorized relinking of data to individuals under secure and technologically enforced conditions, enables the processing of analytics, artificial intelligence (AI), machine learning (ML), and digital transformation (DX) of protected data including IoT, geo-targeted and regulated data.

Anonos_BigPrivacy_Benefits_Icon_Multistakeholder_Engagement.png

SHARING DATA

BigPrivacy allows data owners to maintain their data in privacy respectful and secure “silos” while enabling the use, sharing, comparing and computing of accurate but non-identifying versions of their data with other data sources. BigPrivacy supports analytics, artificial intelligence (AI), machine learning (ML), and digital transformation of combined protected data sets.

Anonos_BigPrivacy_Benefits_Icon_Unstructured_Data.png

Unstructured Data

BigPrivacy enables pattern recognition without requiring disclosure of underlying identifying information to transform unstructured data into privacy respectful structured data schemas to support analytics, artificial intelligence (AI), machine learning (ML), and digital transformation of unstructured protected data.

Anonos_BigPrivacy_Benefits_Icon_GDPR-Compliant_Processing.png

GDPR DATA SAFE HAVENS

BigPrivacy leverages technical and organizational measures to uniquely satisfy GDPR data safe haven requirements by separating the information value of data from the means of attributing data to specific individuals. GDPR data safe havens enable lawful ongoing processing, secondary use/further processing, minimisation, ongoing use of historical data, and improved security measures, for personal data. BigPrivacy uniquely enables data controllers and data processors to comply with GDPR data safe haven requirements under Articles 4, 5, 6, 11(2), 12(2), 25, 32 and 89.

To learn more about the GDPR Data Safe Havens, read the BigPrivacy GDPR Blueprint.

Greater Data Access & Combination

GREATER DATA ACCESS & COMBINATION

 

Many banks desire to consolidate data lakes into one or several centralised locations to enable real time consolidated data analytics on a real-time, selectively controlled basis.

The problem is that traditional data protection technologies are one-directional, requiring that all data and all use cases be presented at the time that data protection is applied. The introduction of new use cases or addition of more data nullifies the data protection. In contrast, BigPrivacy supports multi-directional data protection by leveraging Variant Twin data that is specifically processed for the person, purpose, place associated with each authorised data use in real-time.

Other data protection technologies do not support dynamic pseudonymisation, something that BigPrivacy uniquely enables. As a result, BigPrivacy provides firms with an API to dynamically pseudonymise data enabling them them to selectively control real-time data analytics across the consolidated data lake.

Compliant Cloud Compliant Cloud Processing

COMPLIANT CLOUD PROCESSING

 

The GDPR requires that data controllers contract only with cloud service providers (and other processors) that provide “sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this regulation and ensure the protection of the rights of the data subject.” To support GDPR compliant cloud processing, BigPrivacy enables dynamic pseudonymization to support:

  • Legitimate Interests as a legal basis for analytics and artificial intelligence not supported by “consent” or “contract”; and
  • Data Protection by Design and by Default as a means to ensure that processing protects the rights of data subjects.

External Data Assets External Data Assets

EXTERNAL DATA ASSETS

 

Regulated firms can leverage BigPrivacy Variant Twin data to enable sharing of non-identifying versions of original datasets with strategic enterprise partners. BigPrivacy establishes a common Variant Twin format to support sharing of harmonised Variant Twin data schemas among disparate data sets. Firms would otherwise be forced to cease inter-enterprise data analytics projects because other approaches rely on static identifiers which under the circumstances would no longer be permitted under the GDPR.

The ability to separate the information value of data from the means of re-identifying data subjects (to satisfy GDPR requirements for pseudonymisation) while enabling controlled re-linkability of data under authorised conditions is critical to achieving business objectives; these capabilities are uniquely possible using BigPrivacy’s patented dynamic pseudonymisation technology.

Global Data Use & Sharing Global Data Use & Sharing

 

GLOBAL DATA USE & SHARING 

 

Some of the largest financial firms in Europe recognise that – unlike any other technology – BigPrivacy enforces data access and use controls at the fine-grained data element level as well as at a course-grained policy level enabling them to maximise the use and value of their data while maintaining jurisdictional data sovereignty and localization compliance. This is critical since they do business in many countries around the globe. They have petabytes of data that could not be integrated and managed for analytics and AI without BigPrivacy non-identifying Variant Twin data to support new, non-consent-based legal basis for processing EU personal data under the GDPR.

Banks are also able to transfer maximum data to the cloud due to the portability of non-identifying BigPrivacy Variant Twin data among processing locations enabling cloud providers to more fully leverage cloud scalability, load balancing, etc.

WHAT INDUSTRY LEADERS ARE SAYING ABOUT ANONOS

JULES POLONETSKY
JULES POLONETSKY

Future of Privacy Forum Chief Executive Officer

“Anonos shows there are smart technical and policy solutions that can ensure we gain the benefits of new data uses while avoiding the risks.”

MARTIN ABRAMS
MARTIN ABRAMS

Information Accountability Foundation Executive Director & Chief Strategist

“Anonos makes effective controls possible that break the stalemate between responsible use and data obscurity.”

JOHN WILBANKS
JOHN WILBANKS

Sage Bionetworks Chief Commons Officer

“The potential to bring technical and organization approaches into data privacy debates that desperately need new concepts.”

RESOURCES

Requirements_for_GDPR_Legal_Analytics_&_AI_Anonos_BigPrivacy_Tumbnail

 

Download

BRIEFING FOR LEGAL ANALYTICS UNDER THE GDPR & evolving Regulations

The way organizations have processed data for years – even for decades – creates new legal liability under the EU General Data Protection Regulation (GDPR). Organizations looking to maximize the value of data by leveraging advanced data analytics and artificial intelligence (AI) should be aware of 3 points:

  1. Illegal Analytics & Artificial Intelligence (AI) – without a new legal basis to ensure lawful rights to process personal data (which is no longer possible under the GDPR using consent if the processing cannot be described with specificity in advance), using that data for advanced data analytics and artificial intelligence (AI) may produce unlawful results that expose organizations, their partners and customers to unexpected legal liability.

  2. Pseudonymisation – organizations must embrace and implement Pseudonymisation as defined under the GDPR across their enterprise to legally process advanced data analytics and artificial intelligence (AI).

  3. Dynamism – new GDPR requirements for technically enforced “dynamism” overcome shortcomings of “static” data protection techniques that fail to adequately protect data subject rights when data is combined from multiple sources or used for various purposes. Examples under the GDPR include dynamic Pseudonymisation to defeat the Mosaic Effect and dynamic fine-grained, use-case specific controls to satisfy requirements for Data Protection by Design and by Default.