Gary LaFever | September 9, 2017

3 GDPR Compliant Strategies to Maximize the Value of Big Data Analytics


The benefits of complying with new GDPR technical and organisational requirements extend beyond merely avoiding liability under EU law. The tremendous potential of big data analytics, artificial intelligence (AI) and machine learning require organisational and technical measures to enable data handling to support maximum lawful data value extraction on a global basis. New GDPR requirements for Pseudonymisation and Data Protection by Design and by Default provide a template for controlling the selectiveness and linkability of data based on the context of data use. In other words, technologically restricting access to only the information needed for each application on a real-time basis.

Anonos BigPrivacy first-of-its-kind patented technology enables enforcement of granular, context-sensitive control over both structured and unstructured data so that only that data necessary at any given time (and only as required) to support each authorized process is made available using keys. Technical and organisational measures enable data controllers and processors to control access to and use of keys to control the linkability of data for big data analytics, artificial intelligence (AI) and machine learning. In legal terms, Anonos BigPrivacy technology uniquely satisfies GDPR requirements under Article 4(5) (satisfying new definitional requirements for “Pseudonymisation”), Articles 11 and 12 (satisfying exemption conditions of “processing that does not require identification”), as well as Article 25 (satisfying new “Data Protection by Design and by Default” requirements).

Anonos BigPrivacy technology uniquely enables the following three GDPR compliant strategies for maximizing the value of big data analytics, artificial intelligence (AI) and machine learning:

  • Anonymous Data – When identifying keys are held by data subjects, deleted or otherwise controlled; valuable, non-identifying, non-personally identifying can be used for big data analytics, artificial intelligence (AI) and machine learning outside the scope of the GDPR.
  • Pseudonymised Data– Technical and organisational measures improve data utility by separating the information value of data from the means of attributing data to individuals. Dynamic pseudonymisation techniques and contextual controls satisfy Data Protection by Design and by Default requirements. Pseudonymisation supports Public Interest and Legitimate Interest as valid legal bases for processing personal data while still allowing linkability of data under controlled conditions by authorized parties. GDPR compliant Pseudonymisation supports big data analytics, artificial intelligence (AI) and machine learning.
  • De-Identified Data – When identifying keys are not held by a data controller/processor so the data controller/processor is “not in a position to identify the data subject” (GDPR Articles 11(2) and 12(2)), then the data controller/processor is relieved of supporting data subject rights under GDPR Articles 15-22 to enable greater use of big data analytics, artificial intelligence (AI) and machine learning in a privacy-respectful manner.

Are you facing any of these 4 problems with data?

You need a solution that removes the impediments to achieving speed to insight, lawfully & ethically

to Insight
Are you unable to get desired business outcomes from your data within critical time frames? 53% of CDOs cannot achieve their desired uses of data. Are you one of them?
Lack of
Do you have trouble getting access to the third-party data that you need to maximise the value of your data assets? Are third-parties and partners you work with worried about liability, or disruption of their operations?
Inability to
Are you unable to process data due to limitations imposed by internal or external parties? Do they have concerns about your ability to control data use, sharing or combining?
Are you unable to defend the lawfulness of your current data processing activities, or data processing you have done in the past?
Traditional privacy technologies focus on protecting data by putting it in “cages,” “containers,” or limiting use to centralised processing only. This limitation is done without considering the context of what the desired data use will be, including decentralised data sharing and combining. These approaches are based on decades-old, limited-use perspectives on data protection that severely minimise the kinds of data uses that remain available after controls have been applied. On the other hand, many other new data-use technologies focus on delivering desired business outcomes without considering that roadblocks may exist, such as those noted in the four problems above.
Anonos technology allows data to be accessed and processed in line with desired business outcomes (including sharing and combining data) with full awareness of, and the ability to remove, potential roadblocks.