Press Release

March 8, 2017
Anonos Logo PRNewswire Logo

FAQs on GDPR Compliant Data Analytics Now Available

NEW YORK, March 8, 2017 /PRNewswire/ -- Industry GDPR FAQs on compliant big data analytics from the International Association of Privacy Professionals (IAPP) GDPR Big Data Analytics Webinar are now available.

The questions were provided by the over 600 global privacy professionals who registered for the event. Those answering the questions included technology, legal policy, and regulatory experts, the latter represented by the French CNIL data protection authority. The webinar was on enabling big data analytics under the EU General Data PProtection Regulation (GDPR), which mandates debilitating fines for noncompliant use of data analytics. 

The complete FAQs, along with a glossary of key terms and an article entitled 5 Stages of GDPR Awareness are now available on the website of Anonos, the co-sponsor of the IAPP GDPR Big Data Analytics Webinar. The FAQs and other material may be downloaded at

The IAPP GDPR Big Data Analytics Webinar featured Gwendal Le Grand, the Director of Technology and Innovation at La Commission Nationale de l'Informatique et des Libertés (CNIL), the independent French administrative regulatory body whose mission is to ensure that data privacy law is applied to the collection, storage, and use of personal data; Mike Hintze, former Microsoft Chief Privacy Counsel and now partner at Hintze Law; and Gary LaFever, former partner at Hogan Lovells international law firm and now CEO at Anonos, a company specializing in technology that enables compliance with the GDPR while unlocking the value of data. The webinar attracted unusually high interest, and several thousand downloads of the webinar summary and related materials have already been made from the website.

In response to a question, if persistent "anonymous" identifiers are not legal under the GDPR, Gwendal Le Grand stated, " GDPR just makes it explicit that some data that was sometimes called 'anonymous' identifiers by some stakeholders are actually personal data and have to be protected as such. It means, inter alia, that the controller must have a legal basis to process them. This can be 'legitimate interest.' In such case, the controller will have to make sure that data subject can exercise their rights. It also means that these personal data must be protected with appropriate safeguards."

In response to a question about any grace period before fines for noncompliance are imposed, Mike Hintze said, "The 'grace period' is the two years between the passage of the GDPR in 2016 and May 2018. In May 2018, the GDPR will be fully enforceable and organizations should plan to be in full compliance."

It's critical that companies are in compliance by that date since substantial fines can be imposed for noncompliance; in fact, fines can be as high as 4% of global gross revenues.

In response to a question about whether encryption can satisfy technology requirements for data analytics, artificial intelligence or machine learning under the GDPR, Gary LaFever said, "Encryption is an invaluable security tool, use of which is encouraged under the GDPR. However, encryption alone does not satisfy obligations under the GDPR with regard to Data Protection by Default or Pseudonymisation."

A White Paper co-authored by Mike Hintze and Gary LaFever in connection with the IAPP GDPR Big Data Analytics Webinar entitled Meeting Upcoming GDPR Requirements While Maximizing the Full Value of Data Analytics - Balancing the Interests of Regulators, Data Controllers and Data Subjects, introduces "Controlled Linkable Data" as a new category of technical means for satisfying GDPR requirements. This new category of data-protection technology is also sometimes referred to as "Dynamic Data Obscurity."

Controlled Linkable Data/Dynamic Data Obscurity enables intelligent technical and policy solutions that deliver the benefits of data uses while avoiding the risks. In the White Paper, Jules Polonetsky, CEO of the Future of Privacy Forum, said: "Controlled Linkable Data enables intelligent technical and policy solutions that deliver the benefits of data uses while avoiding the risks." Martin Abrams, Executive Director & Chief Strategist at the Information Accountability Foundation said, "Controlled Linkable Data tools minimize risk by de-linking and re-linking data to break the stalemate between responsible use and data obscurity."

As noted above, the FAQs, glossary of key terms, and article on 5 Stages of GDPR Awareness are available at

The goal of Anonos is to provide timely, relevant information about big data innovation and, with regard to the GDPR, how to continue to use data analytics and artificial intelligence in a compliant manner with patented technology, called BigPrivacy®. Click here to sign up for information and news alerts from Anonos:


This article originally appeared in PR Newswire.  All trademarks are the property of their respective owners. All rights reserved by the respective owners.