Use Pseudonymisation-Enabled Processing to:
Key Business Considerations
Maximising employee wellbeing and effectiveness positively impacts the ability of organisations to achieve strategic goals and objectives. Employee-related personal data enables firms to improve recruitment, talent management, employee engagement, performance and retention programs. However, while employee-related personal data is incredibly valuable, it can be legally and ethically challenging to use for desired secondary processing and repurposing.
The imposition of fines and corrective actions by the Greek Data Protection Agency against PwC, a “Big 4” accounting and auditing firm, highlights the severity of this challenge. PwC’s choice of consent was an inappropriate legal basis for repurposing employee personal data because it transferred the compliance burden onto the data subjects. Relying on consent in these circumstances was inappropriate due to the imbalance of power between employees and employer.
Sophisticated HR organisations have been leveraging Talent Analytics for some time now to advance organisation performance. Most talent analytics are by nature properly characterised as secondary uses or repurposing of data. Maximising insights from secondary uses of data is a part of the larger trend of digital transformation of organisations.
Increasingly, organisations are asking themselves, “what if we can no longer lawfully repurpose data?”
Key Legal Considerations
Despite the benefits for organisations of using and processing employee data, the GDPR has significantly changed the requirements for lawful secondary use of employee personal data. The three standard approaches that have typically been used to support repurposing of data including Talent Analytics (anonymisation, consent, and contract) can no longer be relied upon to make many desired uses of data lawful.
This means that you need to rely on another legal basis to process this data: Legitimate Interests processing. Legitimate Interests processing provides benefits for data controllers wanting to lawfully use data for secondary processing and repurposing.
However, for Legitimate Interests processing to satisfy legal requirements, you must show that you are using “appropriate safeguards” that reduce the risk of data misuse, such as GDPR-compliant Pseudonymisation.
Anonos Pseudonymisation Technology
The problem is that until now, no data protection technologies were capable of supporting Legitimate Interests processing, by reconciling the conflict between data protection and utility when processing the personal data of customers to maximise lawful data value.
For example, conventional data protection technologies that support anonymisation, encryption, static token allocation, and differential privacy:
Click here to learn what other global companies have proven – that it is possible to retain up to 100% of the accuracy of analytical value when processing datasets protected using patented Anonos Variant Twins®.
Anonos state-of-the-art Pseudonymisation technology is superior to other data protection techniques because it helps enable lawful repurposing, distributed secondary processing and data sharing while delivering data utility equivalent to processing unprotected cleartext versions of personal data.