The benefits of complying with new GDPR technical and organisational requirements extend beyond merely avoiding liability under EU law. The tremendous potential of big data analytics, artificial intelligence (AI) and machine learning require organisational and technical measures to enable data handling to support maximum lawful data value extraction on a global basis. New GDPR requirements for Pseudonymisation and Data Protection by Design and by Default provide a template for controlling the selectiveness and linkability of data based on the context of data use. In other words, technologically restricting access to only the information needed for each application on a real-time basis.
Anonos BigPrivacy first-of-its-kind patented technology enables enforcement of granular, context-sensitive control over both structured and unstructured data so that only that data necessary at any given time (and only as required) to support each authorized process is made available using keys. Technical and organisational measures enable data controllers and processors to control access to and use of keys to control the linkability of data for big data analytics, artificial intelligence (AI) and machine learning. In legal terms, Anonos BigPrivacy technology uniquely satisfies GDPR requirements under Article 4(5) (satisfying new definitional requirements for “Pseudonymisation”), Articles 11 and 12 (satisfying exemption conditions of “processing that does not require identification”), as well as Article 25 (satisfying new “Data Protection by Design and by Default” requirements).
Anonos BigPrivacy technology uniquely enables the following three GDPR compliant strategies for maximizing the value of big data analytics, artificial intelligence (AI) and machine learning:
- Anonymous Data – When identifying keys are held by data subjects, deleted or otherwise controlled; valuable, non-identifying, non-personally identifying can be used for big data analytics, artificial intelligence (AI) and machine learning outside the scope of the GDPR.
- Pseudonymised Data– Technical and organisational measures improve data utility by separating the information value of data from the means of attributing data to individuals. Dynamic pseudonymisation techniques and contextual controls satisfy Data Protection by Design and by Default requirements. Pseudonymisation supports Public Interest and Legitimate Interest as valid legal bases for processing personal data while still allowing linkability of data under controlled conditions by authorized parties. GDPR compliant Pseudonymisation supports big data analytics, artificial intelligence (AI) and machine learning.
- De-Identified Data – When identifying keys are not held by a data controller/processor so the data controller/processor is “not in a position to identify the data subject” (GDPR Articles 11(2) and 12(2)), then the data controller/processor is relieved of supporting data subject rights under GDPR Articles 15-22 to enable greater use of big data analytics, artificial intelligence (AI) and machine learning in a privacy-respectful manner.