March 8, 2017

FAQs on GDPR Compliant Data Analytics Now Available

NEW YORK, March 8, 2017 /PRNewswire/ -- Industry GDPR FAQs on compliant big data analytics from the International Association of Privacy Professionals (IAPP) GDPR Big Data Analytics Webinar are now available.

The questions were provided by the over 600 global privacy professionals who registered for the event. Those answering the questions included technology, legal policy, and regulatory experts, the latter represented by the French CNIL data protection authority. The webinar was on enabling big data analytics under the EU General Data PProtection Regulation (GDPR), which mandates debilitating fines for noncompliant use of data analytics. 

The complete FAQs, along with a glossary of key terms and an article entitled 5 Stages of GDPR Awareness are now available on the website of Anonos, the co-sponsor of the IAPP GDPR Big Data Analytics Webinar. The FAQs and other material may be downloaded at

The IAPP GDPR Big Data Analytics Webinar featured Gwendal Le Grand, the Director of Technology and Innovation at La Commission Nationale de l'Informatique et des Libertés (CNIL), the independent French administrative regulatory body whose mission is to ensure that data privacy law is applied to the collection, storage, and use of personal data; Mike Hintze, former Microsoft Chief Privacy Counsel and now partner at Hintze Law; and Gary LaFever, former partner at Hogan Lovells international law firm and now CEO at Anonos, a company specializing in technology that enables compliance with the GDPR while unlocking the value of data. The webinar attracted unusually high interest, and several thousand downloads of the webinar summary and related materials have already been made from the website.

In response to a question, if persistent "anonymous" identifiers are not legal under the GDPR, Gwendal Le Grand stated, " GDPR just makes it explicit that some data that was sometimes called 'anonymous' identifiers by some stakeholders are actually personal data and have to be protected as such. It means, inter alia, that the controller must have a legal basis to process them. This can be 'legitimate interest.' In such case, the controller will have to make sure that data subject can exercise their rights. It also means that these personal data must be protected with appropriate safeguards."

In response to a question about any grace period before fines for noncompliance are imposed, Mike Hintze said, "The 'grace period' is the two years between the passage of the GDPR in 2016 and May 2018. In May 2018, the GDPR will be fully enforceable and organizations should plan to be in full compliance."

It's critical that companies are in compliance by that date since substantial fines can be imposed for noncompliance; in fact, fines can be as high as 4% of global gross revenues.

In response to a question about whether encryption can satisfy technology requirements for data analytics, artificial intelligence or machine learning under the GDPR, Gary LaFever said, "Encryption is an invaluable security tool, use of which is encouraged under the GDPR. However, encryption alone does not satisfy obligations under the GDPR with regard to Data Protection by Default or Pseudonymisation."

A White Paper co-authored by Mike Hintze and Gary LaFever in connection with the IAPP GDPR Big Data Analytics Webinar entitled Meeting Upcoming GDPR Requirements While Maximizing the Full Value of Data Analytics - Balancing the Interests of Regulators, Data Controllers and Data Subjects, introduces "Controlled Linkable Data" as a new category of technical means for satisfying GDPR requirements. This new category of data-protection technology is also sometimes referred to as "Dynamic Data Obscurity."

Controlled Linkable Data/Dynamic Data Obscurity enables intelligent technical and policy solutions that deliver the benefits of data uses while avoiding the risks. In the White Paper, Jules Polonetsky, CEO of the Future of Privacy Forum, said: "Controlled Linkable Data enables intelligent technical and policy solutions that deliver the benefits of data uses while avoiding the risks." Martin Abrams, Executive Director & Chief Strategist at the Information Accountability Foundation said, "Controlled Linkable Data tools minimize risk by de-linking and re-linking data to break the stalemate between responsible use and data obscurity."

As noted above, the FAQs, glossary of key terms, and article on 5 Stages of GDPR Awareness are available at

The goal of Anonos is to provide timely, relevant information about big data innovation and, with regard to the GDPR, how to continue to use data analytics and artificial intelligence in a compliant manner with patented technology, called BigPrivacy®. Click here to sign up for information and news alerts from Anonos:


This article originally appeared in PR Newswire.  All trademarks are the property of their respective owners. All rights reserved by the respective owners.


Are you facing any of these 4 problems with data?

You need a solution that removes the impediments to achieving speed to insight, lawfully & ethically

to Insight
Are you unable to get desired business outcomes from your data within critical time frames? 53% of CDOs cannot achieve their desired uses of data. Are you one of them?
Lack of
Do you have trouble getting access to the third-party data that you need to maximise the value of your data assets? Are third-parties and partners you work with worried about liability, or disruption of their operations?
Inability to
Are you unable to process data due to limitations imposed by internal or external parties? Do they have concerns about your ability to control data use, sharing or combining?
Are you unable to defend the lawfulness of your current data processing activities, or data processing you have done in the past?
Traditional privacy technologies focus on protecting data by putting it in “cages,” “containers,” or limiting use to centralised processing only. This limitation is done without considering the context of what the desired data use will be, including decentralised data sharing and combining. These approaches are based on decades-old, limited-use perspectives on data protection that severely minimise the kinds of data uses that remain available after controls have been applied. On the other hand, many other new data-use technologies focus on delivering desired business outcomes without considering that roadblocks may exist, such as those noted in the four problems above.
Anonos technology allows data to be accessed and processed in line with desired business outcomes (including sharing and combining data) with full awareness of, and the ability to remove, potential roadblocks.