Smart data, Anne-Tania Desmettre,
Over the past 18 months, the management of personal data security issues has been altered by anonymization projects. This technique aims at preventing in an irreversible way the identification of a data. It consists in changing the structure or the content of this data, so that all the information attached to it is modified or deleted in order to avoid the identification of the individual.
Anonymization and the RGPD
For reasons that escape us, the market has attached anonymization to the GDPR, even though Article 32 "Security of processing" states that: "[...] the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia, as necessary: a) pseudonymization and encryption of personal data; [...]"
"For reasons that escape us, the market has attached anonymization to the GDPR."
However, many press articles or websites take the trouble to specify that the RGPD recommends, among the different technological choices allowing to address the security of personal data: anonymization. This technique is, in fact, a process cited in the 1978 Data Protection Act. What a persistence!
Anonymization: A guarantee of absolute security?
Such orientations are not acceptable from all those who want to be in control of the new regulation, who present themselves as such and who position themselves as experts in digital transformation. Why? This technique is not an absolute guarantee of security and pollutes the teams. Indeed, it is possible to reconstitute the identity of an individual from anonymized data as soon as it can be crossed with other external or non-external data and analyzed.
"This technique is not an absolute guarantee of safety and pollutes the teams"
Statistical analysis
While it may be coherent to make an entire database anonymous when its exploitation is limited to statistical analyses for which the precise identity of the individual does not provide any added value, it becomes absurd to use such a "security" technique when it leads to a loss of value, control and understanding of the data in its daily economic exploitation. However, it becomes absurd to use such a "security" technique when it leads to a loss of value, control and understanding of the data in its daily economic use. This anonymization approach, which instead of bringing serenity to the exploitation of personal data, causes disruption, disorientation and consequent disappointment within teams. As a result, projects get stuck, do not move forward and become irritating.
The inability of teams
At this stage of the blockages, lies the inability of the teams to correctly define the purposes for which anonymization should be practiced and to correctly identify the consequences. And, it cannot be otherwise since anonymization is then used for the wrong reasons. In fact, GDPR compliance can only be achieved with "GDPR as Code end-to-end" platforms. With such a platform, anonymization is no longer necessary. It is used in Big Data platforms when they are deployed in the public cloud, in order to annihilate any risk of privacy breach, and for the exploitation of databases dedicated to statistical analysis.
"In fact, GDPR compliance will only find salvation in "GDPR as Code end-to-end" platforms. With such a platform, anonymization is no longer relevant."
Advice
For all these reasons, it is essential to be accompanied in your digital transformation to properly address the issue. It is essential to select the right Big Data platform, specialized in personal data, and to choose the right companies to accompany you in your transformation and compliance.
