CNBC Interview on GDPR Requirements for legal analytics



BigPrivacy Reconciles Data Protection and Use to Maximize Value



BigPrivacy supports real-time, selective access controls (i) at a fine-grained data element level versus only at the user level and (ii) at generalized, non-identifying data levels in addition to identifying levels. Separating the information value of data from identifying attributes, all while retaining the ability to support authorized relinking of data to individuals under secure and technologically enforced conditions, enables the processing of analytics, artificial intelligence (AI), machine learning (ML), and digital transformation (DX) of protected data including IoT, geo-targeted and regulated data.

Anonos_BigPrivacy_Benefits_Icon_Multistakeholder_Engagement (1).png


BigPrivacy allows data owners to maintain their data in privacy respectful and secure “silos” while enabling the use, sharing, comparing and computing of accurate but non-identifying versions of their data with other data sources. BigPrivacy supports analytics, artificial intelligence (AI), machine learning (ML), and digital transformation of combined protected data sets.

Anonos_BigPrivacy_Benefits_Icon_Unstructured_Data (1).png

Unstructured Data

BigPrivacy enables pattern recognition without requiring disclosure of underlying identifying information to transform unstructured data into privacy respectful structured data schemas to support analytics, artificial intelligence (AI), machine learning (ML), and digital transformation of unstructured protected data.

Anonos_BigPrivacy_Benefits_Icon_GDPR-Compliant_Processing (1).png


BigPrivacy leverages technical and organizational measures to uniquely satisfy GDPR data safe haven requirements by separating the information value of data from the means of attributing data to specific individuals. GDPR data safe havens enable lawful ongoing processing, secondary use/further processing, minimisation, ongoing use of historical data, and improved security measures, for personal data. BigPrivacy uniquely enables data controllers and data processors to comply with GDPR data safe haven requirements under Articles 4, 5, 6, 11(2), 12(2), 25, 32 and 89.

To learn more about the GDPR Data Safe Havens, read the BigPrivacy GDPR Blueprint.

Improved Data Access & Combination



Many banks desire to consolidate data lakes into one or several centralised locations to enable real time consolidated data analytics on a real-time, selectively controlled basis.

The problem is that traditional data protection technologies are one-directional, requiring that all data and all use cases be presented at the time that data protection is applied. The introduction of new use cases or addition of more data nullifies the data protection. In contrast, BigPrivacy supports multi-directional data protection by leveraging Variant Twin data that is specifically processed for the person, purpose, place associated with each authorised data use in real-time.

Other data protection technologies do not support dynamic pseudonymisation, something that BigPrivacy uniquely enables. As a result, BigPrivacy provides firms with an API to dynamically pseudonymise data enabling them them to selectively control real-time data analytics across the consolidated data lake.

Compliant Cloud Cloud Compliant Data Use



The GDPR requires that data controllers contract only with cloud service providers (and other processors) that provide “sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this regulation and ensure the protection of the rights of the data subject.” To support GDPR compliant cloud processing, BigPrivacy enables dynamic pseudonymization to support:

  • Legitimate Interests as a legal basis for analytics and artificial intelligence not supported by “consent” or “contract”; and
  • Data Protection by Design and by Default as a means to ensure that processing protects the rights of data subjects.

Fine-Grained Self-Service Data Marts Fine-Grained Self-Service Data Marts



BigPrivacy enforces context-sensitive controls to enable compliant, scalable, self-service enterprise data use.

BigPrivacy helps to enforce data minimization by technologically enabling the use of the minimum level of linkable (identifiable) data necessary for each authorized process, to protect personal data on a per-authorized-use basis by technically controlling the linkability of data to limit access to linkable (identifying) data and protect against unauthorized use. Accordingly, BigPrivacy can help support data minimization within an organization by enforcing selective access to data, ensuring that an individual employee only has access to the data required for them to do their job and no more.

In addition, BigPrivacy enables two (or more) groups within the same organization, or two (or more) separate organizations, to share, combine and process data in a privacy-preserving manner. In both scenarios, each party desires to learn the results of a coordinated analysis without revealing private data. This is exactly what BigPrivacy technology makes possible. Organizations (or groups) can use BigPrivacy to run algorithms against the union of private data, all without allowing any party to view the other parties’ private information. This process, sometimes referred to as “Multi-Party Computation,” is accomplished by technically minimizing and harmonizing the data exchanged by the parties.

Global Data Use & Sharing Global Data Use & Sharing



Some of the largest financial firms in Europe recognise that – unlike any other technology – BigPrivacy enforces data access and use controls at the fine-grained data element level as well as at a course-grained policy level enabling them to maximise the use and value of their data while maintaining jurisdictional data sovereignty and localization compliance. This is critical since they do business in many countries around the globe. They have petabytes of data that could not be integrated and managed for analytics and AI without BigPrivacy non-identifying Variant Twin data to support new, non-consent-based legal basis for processing EU personal data under the GDPR.

Banks are also able to transfer maximum data to the cloud due to the portability of non-identifying BigPrivacy Variant Twin data among processing locations enabling cloud providers to more fully leverage cloud scalability, load balancing, etc.



Future of Privacy Forum Chief Executive Officer

“Anonos shows there are smart technical and policy solutions that can ensure we gain the benefits of new data uses while avoiding the risks.”


Information Accountability Foundation Executive Director & Chief Strategist

“Anonos makes effective controls possible that break the stalemate between responsible use and data obscurity.”


Sage Bionetworks Chief Commons Officer

“The potential to bring technical and organization approaches into data privacy debates that desperately need new concepts.”





The way your organisation has processed data for years – even for decades – may now create legal liability under the EU General Data Protection Regulation (GDPR).

Organisations looking to maximize the value of data for advanced analytics, artificial intelligence, sharing, combination and repurposing (“Big Data Analytics & AI”) should be aware of the following:

  1. Organisations Deleting Legacy Consent Data – Organisations are deleting valuable data critical for Big Data Analytics & AI due to concerns over potential fines and injunctions ordering the immediate termination of illegal processing of data collected using non-compliant general consent (“Legacy Consent Data”). The GDPR has no “grandfather provision” or “exemptions” allowing for continued use of Legacy Consent Data. Also, consent to use data for Big Data Analytics & AI cannot be a condition for receiving a product or service – a data subject must have a genuine choice, or consent is not freely given and is unlawful.

  2. Illegal Big Data Analytics & AI – Without a new legal basis to ensure lawful rights to process personal data (which is no longer possible under the GDPR using consent if the processing cannot be described with specificity in advance), using that data for Big Data Analytics & AI may produce unlawful results that exposes organisations, their partners and customers to legal liability.

  3. Pseudonymisation – Organisations should embrace GDPR compliant Pseudonymisation across their enterprise to process legal Big Data Analytics & AI. GDPR compliant Pseudonymisation technically enforces “dynamism” to support Legitimate Interest processing by overcoming shortcomings of “static” data protection techniques that fail to adequately protect data subjects against unauthorized re-identification when data is combined from multiple sources or used for various purposes – known as the “Mosaic Effect.”

  4. Certified Pseudonymisation Technology – Anonos’ patented SaveYourData® software is the only technology that has been certified as complying with legal and technical requirements for Pseudonymisation under the GDPR in accordance with the ‘EuroPrivacy’ certification scheme developed through a European research project co-funded by the European Commission and Switzerland.