Gary LaFever | April 05, 2018

5 Steps to Enable Compliant Analytics

Enable_Compliant_Analytics_Anonos_BigPrivacy_Blog-1

Step #1: Your Company is Not Alone, Unless...

Your company is not alone in its desire to engage in advanced analytics, data sharing, AI, and migration to the cloud. But, data uses are evolving faster than the capabilities of traditional privacy and security controls. You must technically enforce policy controls at the data element level or your company will be left alone when competitors are maximising compliant data use, sharing and migration to the cloud.

  • With new dynamic pseudonymisation technology, even the most highly regulated companies can process data analytics and AI in the cloud.

Step #2: The Rules Have Changed...

All EU personal data effectively becomes highly regulated data under the GDPR. Many data access practices and uses which have been legal for decades will become illegal under the GDPR. Traditional privacy and security technologies do not support many lawful data uses in compliance with GDPR requirements because they cannot technically enforce policy controls at the data element level.

  • The new norm of EU data protection is that personal data use must be granularly controlled to protect privacy... it is no longer just about encrypting data.

Step #3: May 25th is just the BEGINNING...

The “sound heard around the world” on May 25th will not be the sound of EU Data Protection Authorities imposing enormous GDPR penalties. The sound will be privacy and security teams telling technology and analytics teams that they no longer have a lawful basis to use data for advanced analytics, sharing, or AI, and that they cannot migrate data to the cloud because of the risk of these penalties. Companies are rapidly growing their data analytics teams while their privacy and compliance teams are not growing in size - only in duties and responsibilities.  Privacy and compliance teams want to support business objectives, but if they can’t operationalize and automate processes many desired data uses will become illegal and no longer permitted.

  • New pseudonymisation technology enables legitimate interests as a lawful basis for advanced data analytics, AI, sharing and migration to the cloud. If compliance is not operationalized and automated, companies will not be able to support growing business needs.

Step #4: Hard to Say, Harder to Live Without…

Within the next few years, all companies will begin PSEUDONYMISING data to ensure compliant data use, sharing and migration to the cloud. Some companies are well versed in the requirements of pseudonymisation, others have a general idea of its benefits under the GDPR, and some have a hard time saying or spelling it. Pseudonymisation is very different than Anonymisation. There is no such thing as Pseudo-Anonymization.  The benefits of complying with the GDPR definition of Pseudonymisation make it well worth implementing from the “edge” of data collection all the way to the data lake for streaming privacy controls. Companies that realize the benefits of pseudonymising data first will be those that leave competitors behind.

  • If you never need to re-link your data then generalized statistics, differential privacy or homomorphic encryption may meet your needs. If you ever want to re-link your data under controlled conditions - which most use cases require - you need dynamic pseudonymisation technology to overcome the Mosaic Effect.  Click here for more info on dynamic pseudonymisation.

Step #5: Anonos BigPrivacy Dynamic Pseudonymisation

Data uses are getting bigger and so are privacy concerns - that is why many of the leading companies around the globe are implementing Anonos BigPrivacy dynamic pseudonymisation technology.

  • The European Commission Directorate‑General for Communications Networks, Content and Technology (DG CONNECT) is the department responsible for both data innovation and data protection.  A DG CONNECT official summarised a March 23, 2018 meeting with Anonos as follows:

I had previously seen three avenues to doing data-driven innovation with personal data in a privacy compliant manner. First, you may secure the consent of a person. Second, you may find a use case where anonymized/generalized data are "just good enough," and you can prove that your method of anonymization or generalization works to prevent re-linking of data to individuals. Third, you may hope that emerging technologies for privacy-preserving analytics like multi-party computing or homomorphic encryption could help you achieve your goal. But, we have learned today that there is a new way -  Anonos has introduced us to a distinct different fourth approach which is BigPrivacy dynamic pseudonymisation technology.

Tweet_DG_Connect_Anonos

Are you facing any of these 4 problems with data?

You need a solution that removes the impediments to achieving speed to insight, lawfully & ethically

Roadblocks
to Insight
Are you unable to get desired business outcomes from your data within critical time frames? 53% of CDOs cannot achieve their desired uses of data. Are you one of them?
Lack of
Access
Do you have trouble getting access to the third-party data that you need to maximise the value of your data assets? Are third-parties and partners you work with worried about liability, or disruption of their operations?
Inability to
Process
Are you unable to process data due to limitations imposed by internal or external parties? Do they have concerns about your ability to control data use, sharing or combining?
Unlawful
Activity
Are you unable to defend the lawfulness of your current data processing activities, or data processing you have done in the past?
THE PROBLEM
Traditional privacy technologies focus on protecting data by putting it in “cages,” “containers,” or limiting use to centralised processing only. This limitation is done without considering the context of what the desired data use will be, including decentralised data sharing and combining. These approaches are based on decades-old, limited-use perspectives on data protection that severely minimise the kinds of data uses that remain available after controls have been applied. On the other hand, many other new data-use technologies focus on delivering desired business outcomes without considering that roadblocks may exist, such as those noted in the four problems above.
THE SOLUTION
Anonos technology allows data to be accessed and processed in line with desired business outcomes (including sharing and combining data) with full awareness of, and the ability to remove, potential roadblocks.