Anonymization and Pseudonymization under GDPR
Vložit
- čas přidán 14. 06. 2024
- How can organizations limit their risk of GDPR violations? The GDPR strongly recommends using techniques such as anonymization and pseudonymization. #gdpr #anonymization #pseudonymization #privacy #dataprotection #europeanunion #complianceregulations #eulaw #risk #violations #bigdata #ai #eu #techniques #organizations #limit #dataprivacy #datasecurity #data #cyber
╾╴CONTENTS OF THIS VIDEO╶╼
00:00 - Intro
00:26 - Recap-Which Organizations are Subject to GDPR?
01:08 - What is Anonymization?
01:32 - Let’s Take an Example of Anonymization
03:19 - What is Pseudonymization?
04:04 - How does Pseudonymization Work in Practice?
05:23 - Why Organizations Must Start Safeguarding Data
Like to learn more about GDPR and CCPA? Head over to dpoadviser.com/videos/ and check out new videos posted each week. - Věda a technologie
Great explanations. Thank you very much.
Ariyo, Thank you for the kind feedback. I am glad you found the video helpful!
-Mike
very helpful, thank you so much
You're welcome. Glad you found it helpful!
Brilliant! Thanks
Thank you, Iubna!
Great video, thank you! Quick Question, take a lab referral, for example, it contains 3 data entities, patient data (the person the referral is about), the referring doctor (person sending the referral), the outpatient lab (the people receiving the referral data). In order to use this data for research, would we only anonymize the patient data, or the other parties as well?
wow..very good.
Thank you, Wonkyu!
First of all, great video as it helps many people to understand what can be done to safeguard personal information. Even when using Pseudonymization, would this attribute still counts as personal data (e.g. as identification number)? If so, there must be a lawful ground in place to process this data even if its Pseudonymised. Is this correct?
Hi Tony, Thank you for the kind feedback! Also, that's a great question. Unlike anonymization, pseudonymization does not remove all identifying information from the data but reduces the linkability of a dataset with the identity of an individual. Although Recital 28 of the GDPR recognizes that pseudonymization “can reduce risks to the data subjects,” it is not alone a sufficient technique to exempt data from the scope of the Regulation (i.e., it remains as personal data).
The map of the EU is incomplete- Croatia is missing (a member since 2013.).
Does GDPR codify metadata?
How can Pseduonymization cause reidentification
Hi Arvind,
To answer your question, it's best to compare what the main difference is between anonymization and pseudonymization.
Under recital 26 of the GDPR, anonymized data is “personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.” Data that has successfully been anonymized is no longer capable of reidentification of the data subject. For this reason, GDPR no longer applies to anonymized data.
Pseudonymization, in contrast, reduces the linkability of data to its data subjects by separating the data from direct identifiers and replacing them with artificial identifiers, or pseudonyms, which may be recalled at a later date to re-identify the record. The data protection officer (or another responsible stakeholder) within an organization holds the key that may later re-identify the data subjects in that given data set. To answer your question, pseudonymized data can ultimately result in re-identification if the data protection officer re-identifies the data set or if the key (that was supposed to be safeguarded) were to be access by hackers, lost, etc. As a result, pseudonymized data remains subject to the GDPR, despite having less risk for reidentification.
I hope this helps answer your question.
@dpoadviser The goal of Pseudonymization is to de-couple data from a subject. Re-identification should not arise otherwise it beats the original purpose of pseudonymization.
@@tried1998 Re-identification must happen at some point, otherwise healthcare facilities won't know anything about a patient to treat them. The goal is to prevent unauthorized access from hackers, etc. So, even if someone manages to steal the data, they'd see that the personal identifiers were already detached from any record in a database that could potentially re-identify someone.
Also, since the data is likely to be encrypted, along with using pseudonyms, it's virtually useless to even the most advanced hackers in the world without a decryption key. So it's still very secure.
@darrellm9915 what makes you think pseudonymization only occurs in that scenario?
@@tried1998 Where did I say that?...
I was using healthcare as an example.
Just some positive criticism -
Great video and good explanation but I would work on using facial expressions and hand gestures at a slower rate and possibly with more variety. It just seems slightly unnatural. Also try limiting up-speak.