Anonos technology supports new legal bases now required for desired business outcomes and use cases to remain lawful under the GDPR, CCPA and other evolving data protection laws in a way that competitive offerings are unable to achieve

USE CASES

Data Sharing / Analytics / AI

Life Sciences Research

Pre-GDPR Data

What Has Dramatically Changed?

WHAT HAS CHANGED?

New data privacy laws mean that the days of unfettered and unfiltered use of data are over and that more than written policies and standard procedures are required.

WHY IT MATTERS?

If companies do not correct this, they can find themselves using illegal "Conflict Data" that taints the legality, accuracy and value of Analytics & AI.

HOW TO FIX IT?

Anonos technology transforms illegal "Conflict Data" from Liability into legally compliant "Fair Trade Data," that delivers a new competitive advantage.

Conflict Data
Conflict Data describes the risk of personal information concerning an individual being used to the disadvantage of that person.; It is analogous to "conflict diamonds" being used against a country in which they are illegally mined to the disadvantage of the country.

Fair Trade Data
Fair Trade Data requires the use of technically enforced granular privacy controls (like those required under the CCPA, GDPR and evolving data protection laws) to eliminate risk of "Conflict Data."

GDPR: Primary Vs Secondary Processing (Legal Basis)

The GDPR requires technical and organisational safeguards to enable secondary use of data by enabling a new compatible legal basis.

Pseudonymisation: Benefits under GDPR

Top Analysts:

Variant Twins Enable Analytics & AI

Picture5
IDC

Anonos helps businesses become data-driven without compromising GDPR compliance obligations.

Gartner

Anonos’ patented BigPrivacy technology enables the creation of nonidentifying personalized data to enable compliant analytics, AI and data sharing.

forrester

Anonos is more than GDPR compliance technology. It engineers privacy into solutions to enable analytics.

Anonos Maximizes the Data Value Chain

What if Informed Consent for Life Science Research Does Not Satisfy GDPR requirements?

What changed? The recent European Data Protection Board (EDPB) Opinion 3/2019 stipulates the opinion of the Board that “informed consent” for life science purposes does not satisfy requirements for consent as a legal basis under the GDPR. This opinion took many people in the industry by surprise and means that participants engaged in EU life science research are at immediate risk of interrupted business operations, reputational damage, enforcement action, liability, and penalties unless they support an alternate legal basis.
Is there a solution? Anonos patented BigPrivacy technology enables life science firms to do more with data in compliance with EU data protection requirements in a way that is not supported by competitive technologies.

Benefits of GDPR Compliant Pseudonymisation for Life Science Research:

1) Increasing the risk of liability and uncertainty surrounding the use of data collected in the EU for clinical trials/medical device studies under recent controversial guidance from the European Data Protection Authority; and

2) Reducing data collected in the US to be used for EU and global studies by complying with more stringent privacy obligations.

3) Enabling the ability to analyze, share and combine global clinical trial/medical device data in compliance with evolving global data protection laws;

The benefits of properly pseudonymised data using Anonos BigPrivacy technology are highlighted in multiple GDPR Articles, specifically in:

  • Article 6(4) as a safeguard to help ensure the compatibility of new data processing;
  • Article 25 as a technical and organizational measure to help enforce data minimisation principles and compliance with data protection by design and data protection by default obligations;
  • Article 32 as an encouraged security measure; and
  • Article 89(1) as a safeguard in connection with processing for archiving purposes in the public interest; scientific or historical research purposes; or statistical purposes; moreover, the benefits of pseudonymisation under this Article 89(1) also provide greater flexibility under:
  • Article 5(1)(b) with regard to purpose limitation;
  • Article 5(1)(e) with regard to storage limitation; and
  • Article 9(2)(j) with regard to overcoming the general prohibition on processing Article 9(1) special categories of personal data.
  • In addition, properly pseudonymized data is recognized in WP29 Opinion 06/2014 as playing “a role with regard to the evaluation of the potential impact of the processing on the data subject...tipping the balance in favour of the controller” to help support Legitimate Interest processing as a legal basis under Article GDPR 6(1)(f).

Pre-GDPR approaches to pseudonymisation require a trade-off between maximizing data protection and data utility resulting in either less accurate data or less secure data. This is because of the use of static (persistent) tokens to replace direct identifiers only so: (i) pseudonymised records can be combined with additional information to enable re-identification; and (ii) indirect identifiers can be combined or enriched with additional information leading to unauthorized disclosure – this is often referred to as unauthorized re-identification via inference attacks or the “Mosaic Effect.”

With GDPR compliant pseudonymisation using Anonos BigPrivacy, the conflict between data protection and utility is resolved by transforming data dynamically using patented algorithms to contain only pseudonymised versions of required data elements (direct and indirect identifiers) authorized for each use or analysis. Different users receive use-case specific pseudonyms all originating from the source data, significantly enhancing downstream data utility, even on privacy-enhanced data.

Pre-GDPR Pseudonymisation versus GDPR Compliant Pseudonymisation

How GDPR compliant pseudonymisation requirements have evolved from prior standards:

In addition, the TED Talk on Big Data Needs BigPrivacy (6 min) highlights how Anonos BigPrivacy technology maximises lawful collection, use, combination, sharing and processing of personal health data without compromising data value under domestic and international data protection regimes.

Which of These Did You Do?

Data Protection Authorities are auditing “What did you do to transform pre-GDPR data so it is legal to continue to possess.

  • 1. RECONSENT using now GDPR compliant consent.
  • 2. Anonymize the data so it’s not relinkable to individuals.
  • 3. Delete the data.
  • 4. Transform the data to support a new legal basis.

The New Reality

Data Storage = Data Processing: Storing / possessing data in any form is regulated as “Processing”under the GDPR.

  • The GDPR Changed the Rules:

  • 1. Prior to the GDPR going into effect, you could collect data using general consent like that provided by a Cookie Wall.

  • 2. However, now data collected without complying with new GDPR requirements is ILLEGAL.

  • 3.There is NO grandfather or savings clause that enables you to continue to legally possess or store data collected in noncompliance with the GDPR.

Other Options Are Limiting

  • 1. RECONSENT

    Try to get specific unambiguous and voluntary consent – but must always have a non-consent legal basis if you want to use data from people who do not reconsent or in secondary processing like Analytics, AI and ML.

  • 2. anonymize

    Making the data unlinkable to individuals significantly degrades the utility of having the data.

  • 3. delete

    This is a “nuclear option” and eliminates all value of the data.

  • 4. transform

    Using encryption, hashing, etc. will not support a new GDPR legal basis of Legitimate Interest processing because using the data exposes data subjects to the risk of unauthorized re-identification.

SaveYourData Enables Legal Possession & Use

  • Transforms data by leveraging the only GDPR-certified pseudonymisation technology
  • Supports GDPR Legitimate Interest processingto retain value while mitigating the risk of unauthorized re-identification when the data is used
  • Uses revolutionary new technology protected by seven granted patents, with 67 additional patents pending
  • Represents the state-of-the-art in data enablement and privacy
  • Recognized by Analysts and awarded Gartner Cool Vendor status

Recommended by Industry Analysts

CLICK TO READ

“SaveYourData offers a deep-freeze state for existing personal data repositories without violating GDPR principles. This helps organizations avoid data deletion, blanket encryption, or reconsent exercises.”

With SaveYourData…

  • Personal data is transformed using GDPR-certified pseudonymisation.
  • Supports a new legal basis for processing pre-GDPR data without violating GDPR principles.
  • Helps organizations avoid unnecessary data deletion projects and unsuccessful blanket encryption or reconsent exercises.
Download Itemized Checklist

Now That Clients Saved Their Data…

Continue to use it with

  • BigPrivacy patented dynamic pseudonymisation, anonymization and de-identification enforces technical and organizational safeguards to provide verifiable proof for customers, partners and regulators  that secondary data processing (like Analytics, AI & Machine Learning) is lawful under the GDPR and evolving data protection regulations.
  • Organizations can receive a credit against future BigPrivacy license fees of up to 100% of SaveYourData license fees.

Transform Data to Make Possession Legal

Illegal Data

  • CRM Data
  • Archive
  • OtherDatabases

Source Databases(Customer’s Environment)

Transform Legal Basis

  • Ingestion
  • SaveYourData Transformation

    Legal Data
    Pseudonymised Data

Universal Use Cases

BigPrivacy enforces dynamic granular data use controls to protect structured and unstructured data for compliant analytics.

1. Global Data Use and Sharing

Solving data sovereignty issues while enabling analytics.

Some of the largest banks in Europe recognise that - unlike any other technology - level as well as at a course-grained policy level enabling them to maximise the use and value of their data while maintaining jurisdictional data sovereignty and localization compliance. This is critical since they do business in many countries around the globe. They have petabytes of data that could not be integrated and managed for analytics and AI without BigPrivacy non-identifying. Variant Twin data to support new, non-consent-based legal basis for processing EU personal data under the GDPR.

Banks are also able to transfer maximum data to the cloud due to the portability of non-identifying BigPrivacy Variant Twin data among processing locations enabling cloud providers to more fully leverage cloud scalability, load balancing, etc.

2. Greater Data Access and combination

Many banks desire to consolidate data lakes into one or several centralised locations to enable real time consolidated data analytics on a real-time, selectively controlled basis.

The problem is that traditional data protection technologies are one-directional, requiring that all data and all use cases be presented at the time that data protection is applied. The introduction of new use cases or addition of more data nullifies the data protection. In contrast, BigPrivacy supports multi-directional data protection by leveraging Variant Twin data that is specifically processed for the person, purpose, place associated with each authorised data use in real-time.

Other data protection technologies do not support dynamic pseudonymisation, something that BigPrivacy uniquely enables. As a result, BigPrivacy provides firms with an API to dynamically pseudonymise data enabling them them to selectively control real-time data analytics across the consolidated data lake.

3. External Data Assets

A major bank in Europe is leveraging BigPrivacy Variant Twin data to enable sharing of non-identifying versions of original datasets with strategic enterprise partners.

BigPrivacy establishes a common Variant Twin format to support sharing of harmonised Variant Twin data schemas among disparate data sets. The bank would otherwise be forced to cease inter-enterprise data analytics projects because other approaches rely on static identifiers which under the circumstances would no longer be permitted under the GDPR.
The ability to separate the information value of data from the means of re-identifying data subjects (to satisfy GDPR requirements for pseudonymisation) while enabling controlled re-linkability of data under authorised conditions is critical to achieving the bank’s business objectives; these capabilities are uniquely possible using BigPrivacy’s patented dynamic pseudonymisation technology.

WHAT INDUSTRY LEADERS ARE SAYING

01
Francois Zimmermann

Global CTO of Financial Services Vertical at Hitachi Vantara

"SaveYourData provides a technical and legal framework that enables our customers to attain compliance without destroying business value. Hitachi is excited to partner with Anonos to help organisations to maximise their use of analytics to support their data driven journey.”

02
Martin Whitworth

Research Director, IDC European Data Security and Privacy

"Choosing the appropriate protection methods requires that we also have a means of safeguarding our current accumulated data stores, in a privacy compliant manner. This is why we highlighted Anonos SaveYourData in our report dealing with creating a foundation for accelerating data-driven initiatives.”

03
Dr Sébastien Ziegler

Chairman of the EuroPrivacy Board of Experts.

"In evaluating Anonos SaveYourData software gave us the opportunity to discover an innovative pseudonymisation software for improving the protection of personal data as requested by the GDPR."

These quotes are excerpted from a recent SaveYour Data

Top Q&A on SaveYourData

What did Ellis Island do for immigrants?
Who came thru Ellis Island?
What is buttonhook Ellis Island?
What was the process of Ellis Island?
Contact Us

Want to learn more or request a demo?

Get in touch using the form below.

Anonos does not sell or share your information.