Enforced in May 2018, the introduction of the General Data Protection Regulation (GDPR) is the first change to privacy laws in the EU in 23 years and is set to disrupt organisations worldwide. As one of the strictest data regulation acts to date, businesses will need to become compliant in their marketing and data efforts or face fines of up to €20m, or up to 4% of their annual global turnover (whichever is greater). Two-thirds of businesses are expecting to have to change their global strategies and over half think they are likely to be fined due to the GDPR.
GDPR in a nutshell
• The GDPR states that everyone has the fundamental right to the privacy of their data
• Businesses need to ensure that individuals understand how and why their data is being collected
• Individuals have the right to request that their data is erased within one month of the request
• Businesses will need to appoint a data protection officer to ensure they comply with the new regulations
• In the case of a data breach, companies are required to report it to an EU regulator within 72 hours or risk fines
• The GDPR will affect every business that collects data of an EU resident
Pseudonymisation and Anonymisation
The power of ‘big data’ is undeniable and it’s often integral in unlocking valuable business insights that can help personalise customer experience, improve marketing campaigns and drive revenue. There is no doubt that the GDPR will have a profound effect on the work of data scientists, as consumers must give their consent for their personal data to be used. But, is there a way around this?
The GDPR does “not apply to anonymous information” which is defined as “the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information”.
Data scientists can use anonymisation to ensure that an individual’s personal data cannot be identified and therefore won't technically be in breach of the GDPR. However, they must ensure that this is not used in conjunction with any other data sets that aren’t anonymous.
Another technique data scientists are using is pseudonymisation, and the main difference between this and anonymisation is the fact that pseudonymisation still allows for some form of reidentification, whereas anonymous data cannot be re-identified. For this technique to be compliant, the ‘additional data’ must be kept entirely separate and not be attributable to a person, an example of this is using data encryption.
There are a variety of methods in place for data analysis that will still comply with the GDPR. However, it’s up for discussion how meaningful anonymous datasets can be. A Master of Data Science at James Cook University Online is delivered by award-winning teaching staff and leading experts who recognise the power of data and numbers. This innovative Master’s degree puts professionals ahead of the pack in one of the world’s fastest-growing sectors.
Find out more here.