Table of Contents
As a business owner, you will know the need to handle information in ways set out within data protection rules. England’s most important data protection laws are the General Data Protection Regulation (GDPR) and Data Protection Act. Both sets of rules come under the Information Commissioner’s Office (ICO). The ICO can investigate potential rule breaches and issue financial penalties of up to £17.5 million. However, your business can avoid breaching data protection rules by utilising anonymised data. This article will explore the potential benefits of anonymising your company’s information and how doing so may lessen the risk of fines from the ICO.
Why Does My Company Have to Worry?
Most business owners are motivated to follow data protection to avoid the ICO’s hefty fines. Over recent years the ICO has investigated many data breach allegations and issued many penalties. However, there is also a reputational advantage to processing information safely. Many businesses have suffered public relations issues following data breaches through cyber attacks.
What is Anonymised Data?
Therefore, the phrase ‘anonymised data’ covers personally identifiable information that passes through an anonymisation process to ensure it cannot identify the relevant individual. This differs from pseudonymised data, which creates an alternative version of existing user data. Furthermore, there is the potential to reverse-engineer this data.
Continue reading this article below the formCall 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
Example
Suppose your business had four customers last week; being Charlie Brown, Samuel Snoopy, William Woodstock and Linus Van Pelt. However, at the point of taking their orders by phone, you provide them with randomly generated reference numbers which you record within your sales spreadsheet as follows:
- 0010;
- 0067;
- 0811; and
- 1821.
This would be anonymised data because there is no easy way to figure out their identities. In contrast, if your company record their full names in a ‘full’ sales document and simply swaps the names for ‘customer 1’ and ‘customer 2’ (and so on) in an ‘alternative’ version, this would be pseudonymised data because the company has the means to reverse engineer the data.
Let us explore three potential advantages of utilising anonymous information below.
1. It Falls Outside the ‘Personal Data’ Definition
Truly anonymised data does not constitute ‘personal data’ under the GDPR because it does not identify any particular individuals. Therefore, it falls outside the most stringent rules within the GDPR and limits the chance of any fine from the ICO for misuse of personal information.
2. It is Safer Than Using Pseudonymised Information
In contrast, pseudonymised information does constitute ‘personal data’ under the GDPR. This is because you can reverse-engineer information passing through a pseudonymisation process can be reverse-engineered. This means that your company or any individual could review the dataset and unmask identifiable data. Ultimately, this will ‘undo’ the pseudonymisation process. It is impossible to reverse engineer truly anonymised data, hence why it is not protected as highly under data protection rules.
3. It Can Make Recruitment Exercises Fairer
Many organisations are now using ‘anonymous’ recruitment exercises. Here, job candidates enter their details into a website which creates an anonymous application. Rather than inviting CVs including the candidates’ names and home addresses, it would create a job application with a unique identifier (such as ‘candidate 009’). It would exclude any identifying information regarding location, school or university (save the exam grades).
This process aims to give all candidates an equal chance of achieving a job interview. Accordingly, it eliminates biases based on, race, religion, nationality or other factors. Such a process can also help organisations fight allegations of favouring certain types of candidates due to the process masking sensitive data. This is also known as ‘data masking’.
Key Takeaways
There are numerous advantages to the use of anonymised data within your business. However, as with most things, the system must be suitable and ensure true anonymity. Thus, it should not be capable of reverse engineering. The golden question is whether or not the data is anonymised or pseudonymised, as one type of data will be personal data and the other will not. Because of this, many business owners use lawyers to create their anonymisation processes to ensure the information does not constitute personal data and can be of the most use.
If you need help utilising anonymous data, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
Our data protection laws treat private identifiers (sensitive information about an identifiable natural person) as precious and worthy of protection. This is because, in the wrong hands, it could open the individual up to data privacy risks (such as identity theft).
Yes. Your organisation should only record the information required to conduct business with that individual. The ICO disapproves of companies storing large amounts of unnecessary customer data.
We appreciate your feedback – your submission has been successfully received.