
Who needs to consider data anonymization for GDPR compliance?

With GDPR in force for some time now, we notice that many companies are late in implementing it properly.

 

GDPR requires companies to comply on multiple levels, including the protection of sensitive user data. If your testing departments work with real user data, this is a breach that could get you in trouble. The right way is to work with anonymized data, especially in industries that typically have large testing departments. Here are some examples.

 

1. Banking

Banks manage large databases with a lot of sensitive user information, such as credit card numbers, IBAN account numbers, personal data, etc. Clients have the right to have their data erased and forgotten, which is almost impossible to do manually. Banks need to keep transaction data, which is usually spread across a large number of connected tables. If this issue is not addressed systematically, there is a chance that they are already in breach of GDPR rules.

 

2. Financial services

There have been a couple of recent examples of companies that suffered a data breach. For example, Deloitte experienced a cyber attack that gave hackers access to real data. Equifax, a consumer credit reporting agency, also suffered a data breach, with over 800 million consumers whose private data was exposed. Even if the level of data protection is not very high, anonymized data would not be worth anything to hackers.

 

3. Credit card processors

Card processors also deal with many files stored in large databases. They typically test imports, but to comply with GDPR, the database and the files should be anonymized in sync. This also means that newly arriving data needs the same level of protection.

 

4. Insurance companies

If someone gains access to private medical information, there is no doubt that this would be very problematic. This kind of data contains information about diseases and similar details, which could cause harm to individuals. To prevent the information from falling into the wrong hands, insurance companies should work with real data only when it is necessary, and if a piece of information is not necessary for processing that person, they should simply anonymize it.

 

5. Delivery and logistics

Like many other companies, delivery and logistics companies handle a lot of user data. This data is also exchanged with the partners that help them with everyday operations. There should be a way to make sure that partners don't work with data that could compromise someone's identity.

 

6. Telecom operators

We shouldn't forget the telecom sector, since these companies regularly take care of GDPR compliance. What they often forget is data anonymization and how their testing departments work. With so much user information stored in their databases, they might need a solution that keeps data anonymized for different users.

 

 

Interested in the topic? To read the full article and relevant information, visit our site that deals with data masking and anonymization.

September 18, 2018
