Part one: Data segregation, suppression, anonymisation and pseudonymisation
Businesses, large and small, handles data in one way or another. The only difference is the scale, type and sensitivity of that data. With the GDPR in effect, how does this impact IT professionals and how they provide their services internally as well as to external clients?
Every individual has data with varying sensitivity and therefore requires different means of storage and handling. Depending on the different roles within your organisation you may want to segregate data by what people need access to, for example:
'Company A' handles orders for widgets that are delivered by a third party. 'Company A' has a sales team, warehouse team and an accounts team. When deciding what data each role requires 'Company A' matches the type of data with the appropriate role:
Using the above 'Company A' can segregate the data appropriately as defined by their roles.
Data suppression takes the above slightly further, by removing a column of data which the user does not need. Using 'Company A' again, we take our example further.
The sales team has access to a customer's sales history and will make recommendation based on the type of product they had
|Customer Id||Item||Category||Description||Quantity||Price per item||Total|
|100||Widget Box||Widget||Box of widgets||10||£20.00||£200.00|
|100||Fixings||Widget||Fixings for widgets||1||£15.00||£15.00|
With reference to the above, all that the sales team needs are the customer ID and the category, so the other columns can be removed (not just hidden) and the data can then be supressed based on the role.
Pseudonymisation takes data and replaces it with a foreign key, code or reference so that the individual cannot be identified. In the previous section when we supressed 'Company A' customer orders data, you can see above that we replaced the customer's personal data with an ID. Without the corresponding table we cannot identify this individual. This can be extended to any data you hold and is done in relational databases.
Anonymisation is the process of encrypting or removing personally identifiable data and therefore the data subject is anonymous.
We can see examples of the above by using our 'Company A' example:
'Company A' is going to ask a third party to analyse their sales data to see various trends to plan further marketing strategies. By sharing the entire dataset, individuals can be vulnerable to data protection issues. However, by anonymising the data where personally identifiable data is replaced with some thing more general or by an external identifier, the data can still be used but not to identify an individual.
|Name||Postcode||Item||Cost||IP Address||Telephone||Date of Birth|
|John Smithemail@example.com||S9 1BY||Widget||£100.00||10.0.0.0||0114 244 44 61||12/01/1970|
Table A: Before anonymisation
|Name||Postcode||Item||Cost||IP Location||Tel. Location||Date of Birth|
|Swapped for ID (which points to email address that has been supressed||Only the outcode is retained||Not personal data||Not personal data||IP swapped for general location of IP address||Telephone number has been swapped for city||Only the year is retained|
Table B: After anonymisation
With the above you can implement safeguards to protect the data if there is a breach, but the main aim is to prevent breaches altogether. In the next part we will look at simple ways of preventing and minimising breaches.
If you have any questions about GDPR itself and how it effects your business, please call EL Direct on 0114 241 7092 or email firstname.lastname@example.org and speak to one of our experts.
By Gareth Hopkins
If you don't have Microsoft Office, or Microsoft Word installed on your PC or Mac, don't worry - you can still use our products. You can get a free alternative from Open Office.
Open Office Org is open-source developed alternative to Microsoft Office, developed by a large software company called Oracle. Open Source means the company who build the software, allow 100% use of it, 100% free.
Since Open Office is specifically developed to be exactly the same as Microsoft Office, with all the same programs in the suite (Eg: Word, Excel, Access and Power Point) - it will freely open any Microsoft Office file-format. Meaning, just because a document was written in Microsoft Word, doesn't mean it can't be opened in another program. Open Office will do that, and vise versa.
To download and install Open Office;