Data Analysis and GDPR: For the sake of value creation
Knowing your customer and, by extension, analyzing customer data is decisive nowadays to maintain a competitive advantage. In E-commerce, financial industries, governmental organizations and many other areas customer data is extracted from databases and is processed within Business Intelligence solutions like Power BI, SAS, Qlik or Tableau. Data analysts and scientists in organizations uncover valuable insights based on various descriptive and exploratory big data analytics.Using anonymized data is considered to be the state of art means to preserve the privacy of an individual person, but many CISOs report that anonymization does not occur at all or only occurs to an insufficient extent.
The number of recent data breaches and cases clearly shows the shortcomings, and insufficient data protection infrastructure in place, when companies process data. GDPR’s article 32 gives clear guidance to data processors that they must ensure that confidentiality, integrity, availability and resilience of processing systems and services will be maintained. For the case of data anonymization it must be guaranteed that the anonymization is irreversible and is done in such a way that it is impossible (or extremely impractical) to identify the data subject.
The Netflix Prize case, for example, clearly showed that by using a simple re-identification algorithm it was possible to identify individuals by cross referencing and combining several data sets. To avoid this, sharing anonymized customer data with internal analysts and or any third parties must occur within a framework of a deep risk modeling and risk analysis to ensure that the risks of the privacy breach remain low. Therefore data must be modified in a way that re-identification can be excluded to a significant (if not total) degree.
Spiceware’s ANP tool enables automatic anonymization and pseudonymization on the fly while transferring data from the source into analyzing tools or when sharing with employees or third parties. This guarantees that the personal identifiable information will never leave the gateway of the data controller. An automated risk analysis and privacy model setting (according to k-anonymity, L-diversity and T-proximity) will be effectively and automatically adapted to the dataset, enabling real-time risk modeling and assessment.
If you would like to find out more about how you can protect your data and align to the data-processing rules in GDPR just contact us at sales@spiceware.io.
