CNBC Interview on GDPR Requirements for legal analytics

WATCH 2 MINUTE VIDEO
 

BENEFITS

BigPrivacy Reconciles Data Protection and Use to Maximize Value

Anonos_BigPrivacy_Benefits_Icon_Data_In_Use.png

UsING DATA

BigPrivacy supports real-time, selective access controls (i) at a fine-grained data element level versus only at the user level and (ii) at generalized, non-identifying data levels in addition to identifying levels. Separating the information value of data from identifying attributes, all while retaining the ability to support authorized relinking of data to individuals under secure and technologically enforced conditions, enables the processing of analytics, artificial intelligence (AI), machine learning (ML), and digital transformation (DX) of protected data including IoT, geo-targeted and regulated data.

Anonos_BigPrivacy_Benefits_Icon_Multistakeholder_Engagement.png

SHARING DATA

BigPrivacy allows data owners to maintain their data in privacy respectful and secure “silos” while enabling the use, sharing, comparing and computing of accurate but non-identifying versions of their data with other data sources. BigPrivacy supports analytics, artificial intelligence (AI), machine learning (ML), and digital transformation of combined protected data sets.

Anonos_BigPrivacy_Benefits_Icon_Unstructured_Data.png

Unstructured Data

BigPrivacy enables pattern recognition without requiring disclosure of underlying identifying information to transform unstructured data into privacy respectful structured data schemas to support analytics, artificial intelligence (AI), machine learning (ML), and digital transformation of unstructured protected data.

Anonos_BigPrivacy_Benefits_Icon_GDPR-Compliant_Processing.png

GDPR DATA SAFE HAVENS

BigPrivacy leverages technical and organizational measures to uniquely satisfy GDPR data safe haven requirements by separating the information value of data from the means of attributing data to specific individuals. GDPR data safe havens enable lawful ongoing processing, secondary use/further processing, minimisation, ongoing use of historical data, and improved security measures, for personal data. BigPrivacy uniquely enables data controllers and data processors to comply with GDPR data safe haven requirements under Articles 4, 5, 6, 11(2), 12(2), 25, 32 and 89.

To learn more about the GDPR Data Safe Havens, read the BigPrivacy GDPR Blueprint.

Improved Data Access & Combination

IMPROVED DATA ACCESS & COMBINATION

 

Many banks desire to consolidate data lakes into one or several centralised locations to enable real time consolidated data analytics on a real-time, selectively controlled basis.

The problem is that traditional data protection technologies are one-directional, requiring that all data and all use cases be presented at the time that data protection is applied. The introduction of new use cases or addition of more data nullifies the data protection. In contrast, BigPrivacy supports multi-directional data protection by leveraging Variant Twin data that is specifically processed for the person, purpose, place associated with each authorised data use in real-time.

Other data protection technologies do not support dynamic pseudonymisation, something that BigPrivacy uniquely enables. As a result, BigPrivacy provides firms with an API to dynamically pseudonymise data enabling them them to selectively control real-time data analytics across the consolidated data lake.

Compliant Cloud Cloud Compliant Data Use

CLOUD COMPLIANT DATA USE

 

The GDPR requires that data controllers contract only with cloud service providers (and other processors) that provide “sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this regulation and ensure the protection of the rights of the data subject.” To support GDPR compliant cloud processing, BigPrivacy enables dynamic pseudonymization to support:

  • Legitimate Interests as a legal basis for analytics and artificial intelligence not supported by “consent” or “contract”; and
  • Data Protection by Design and by Default as a means to ensure that processing protects the rights of data subjects.

Fine-Grained Self-Service Data Marts Fine-Grained Self-Service Data Marts

FINE-GRAINED SELF-SERVICE DATA MARTS

 

BigPrivacy enforces context-sensitive controls to enable compliant, scalable, self-service enterprise data use.

BigPrivacy helps to enforce data minimization by technologically enabling the use of the minimum level of linkable (identifiable) data necessary for each authorized process, to protect personal data on a per-authorized-use basis by technically controlling the linkability of data to limit access to linkable (identifying) data and protect against unauthorized use. Accordingly, BigPrivacy can help support data minimization within an organization by enforcing selective access to data, ensuring that an individual employee only has access to the data required for them to do their job and no more.

In addition, BigPrivacy enables two (or more) groups within the same organization, or two (or more) separate organizations, to share, combine and process data in a privacy-preserving manner. In both scenarios, each party desires to learn the results of a coordinated analysis without revealing private data. This is exactly what BigPrivacy technology makes possible. Organizations (or groups) can use BigPrivacy to run algorithms against the union of private data, all without allowing any party to view the other parties’ private information. This process, sometimes referred to as “Multi-Party Computation,” is accomplished by technically minimizing and harmonizing the data exchanged by the parties.

Global Data Use & Sharing Global Data Use & Sharing

 

GLOBAL DATA USE & SHARING 

 

Some of the largest financial firms in Europe recognise that – unlike any other technology – BigPrivacy enforces data access and use controls at the fine-grained data element level as well as at a course-grained policy level enabling them to maximise the use and value of their data while maintaining jurisdictional data sovereignty and localization compliance. This is critical since they do business in many countries around the globe. They have petabytes of data that could not be integrated and managed for analytics and AI without BigPrivacy non-identifying Variant Twin data to support new, non-consent-based legal basis for processing EU personal data under the GDPR.

Banks are also able to transfer maximum data to the cloud due to the portability of non-identifying BigPrivacy Variant Twin data among processing locations enabling cloud providers to more fully leverage cloud scalability, load balancing, etc.

WHAT INDUSTRY LEADERS ARE SAYING ABOUT ANONOS

JULES POLONETSKY
JULES POLONETSKY

Future of Privacy Forum Chief Executive Officer

“Anonos shows there are smart technical and policy solutions that can ensure we gain the benefits of new data uses while avoiding the risks.”

MARTIN ABRAMS
MARTIN ABRAMS

Information Accountability Foundation Executive Director & Chief Strategist

“Anonos makes effective controls possible that break the stalemate between responsible use and data obscurity.”

JOHN WILBANKS
JOHN WILBANKS

Sage Bionetworks Chief Commons Officer

“The potential to bring technical and organization approaches into data privacy debates that desperately need new concepts.”

RESOURCES

Requirements_for_GDPR_Legal_Analytics_&_AI_Anonos_BigPrivacy_Tumbnail

 

Download

BRIEFING FOR LEGAL ANALYTICS UNDER THE GDPR & evolving Regulations

The way organizations have processed data for years – even for decades – creates new legal liability under the EU General Data Protection Regulation (GDPR). Organizations looking to maximize the value of data by leveraging advanced data analytics and artificial intelligence (AI) should be aware of 3 points:

  1. Illegal Analytics & Artificial Intelligence (AI) – without a new legal basis to ensure lawful rights to process personal data (which is no longer possible under the GDPR using consent if the processing cannot be described with specificity in advance), using that data for advanced data analytics and artificial intelligence (AI) may produce unlawful results that expose organizations, their partners and customers to unexpected legal liability.

  2. Pseudonymisation – organizations must embrace and implement Pseudonymisation as defined under the GDPR across their enterprise to legally process advanced data analytics and artificial intelligence (AI).

  3. Dynamism – new GDPR requirements for technically enforced “dynamism” overcome shortcomings of “static” data protection techniques that fail to adequately protect data subject rights when data is combined from multiple sources or used for various purposes. Examples under the GDPR include dynamic Pseudonymisation to defeat the Mosaic Effect and dynamic fine-grained, use-case specific controls to satisfy requirements for Data Protection by Design and by Default.