GDPRtoons is a collection of informative and thought-inspiring cartoons focused on the pending General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) that will be enforced in May of 2018. The GDPR will drastically change HOW-WHEN-WHY-WHERE personal data is collected and stored for 750 million people in 28 EU countries and 3 EEA countries.
Saturday, September 16, 2017
GDPR and Pseudonymisation
Pseudonymisation is the process where identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. With regard to the security of personally identifiable information, the 'keys' linking the pseudonyms to the actual data should be secured in a separate location.
The GDPR considers pseudonymisation and encryption of personal data as one of the appropriate technical and organisational measures to ensure a level of security [GDPR Article 32, Paragraph (1a)].
The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. [GDPR Citation (26)].
To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly. [GDPR Citation (26)].
The application of pseudonymisation to personal data can reduce the risks to the data subjects concerned and help controllers and processors to meet their data-protection obligations. The explicit introduction of ‘pseudonymisation’ in this Regulation is not intended to preclude any other measures of data protection. [GDPR Citation (28)].
In order to create incentives to apply pseudonymisation when processing personal data, measures of pseudonymisation should, whilst allowing general analysis, be possible within the same controller when that controller has taken technical and organisational measures necessary to ensure, for the processing concerned, that this Regulation is implemented, and that additional information for attributing the personal data to a specific data subject is kept separately. The controller processing the personal data should indicate the authorised persons within the same controller. [GDPR Citation (29)].
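The process described above (identifying fields replaced by pseudonyms, with the linking information held separately) can be sketched as follows. This is an added example, not code from the original post; the field names, the HMAC-SHA256 construction, the helper names and the sample records are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter

ID_FIELDS = ("name", "email")  # assumed identifying fields

def pseudonym(key: bytes, field: str, value: str) -> str:
    # Keyed hash: without the key, a guessed value cannot be tested
    # against a pseudonym. Normalising keeps one person on one pseudonym.
    norm = value.strip().lower()
    msg = f"{field}\x00{norm}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]

def pseudonymise(records, key, fields=ID_FIELDS):
    """Return (working_set, lookup). The lookup is the 'additional
    information' and must be stored apart from the working set."""
    working, lookup = [], {}
    for rec in records:
        out = dict(rec)  # do not mutate the caller's record
        for f in fields:
            if f in out:
                p = pseudonym(key, f, out[f])
                lookup.setdefault(p, out[f])
                out[f] = p
        working.append(out)
    return working, lookup

def reidentify(record, lookup, fields=ID_FIELDS):
    """Only possible for someone holding the separately stored lookup."""
    return {k: lookup.get(v, v) if k in fields else v
            for k, v in record.items()}

def orders_per_subject(working):
    """General analysis that needs no real identity."""
    return Counter(r["email"] for r in working)

# Constructed sample records (not real data)
RECORDS = [
    {"name": "Ana Ruiz", "email": "ana@example.org", "amount": 40},
    {"name": "Ana Ruiz", "email": "Ana@Example.org ", "amount": 15},
    {"name": "Ben Okoro", "email": "ben@example.org", "amount": 22},
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # keep in a separate, access-controlled store
    working, lookup = pseudonymise(RECORDS, key)
    print(orders_per_subject(working))
    print(reidentify(working[0], lookup))
```

The working set is still personal data in the sense of the passages quoted above, because whoever holds the key or the lookup table can attribute it to a person again; non-identifying fields such as `amount` can also contribute to singling out.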