Il 01/04/2019 20:48, Rory Campbell-Lange ha scritto:
On 01/04/19, Moreno Andreo (moreno.andreo@xxxxxxxxxx) wrote:
...
I'm not forced to use pseudonimysation if there's the risk to get
things worse in a system. I've got to speak about these"two opposing
forces at work" to a privacy expert (maybe choosing another one, as
Peter suggested :-) ) and ask him if it could be used as a matter of
declining pseudonymisation because of "pseudonimysation puts at risk
overall performance or database integrity"
How to interpret the pseudonymisation conditions is ... complicated.
Yes, it is indeed... :-)
The
UK's Information Commissioner's Office (ICO) writes that
pseudoanonymisation relates to:
“…the processing of personal data in such a manner that the personal
data can no longer be attributed to a specific data subject without
the use of additional information, provided that such additional
information is kept separately and is subject to technical and
organisational measures to ensure that the personal data are not
attributed to an identified or identifiable natural person.”
and that this "...can reduce the risks to the data subjects".
The concept of application realms may be relevant to consider here. An
application may be considered GDPR compliant without pseudonymisation if
other measures are taken and the use case is appropriate.
That could be my case, so I'll have to discuss the strategy and measures
to be adopted with a privacy consultant.
On the other hand, a copy of a production database in testing which has
been pseudonymised may, if compromised, still leak personal data. As the
ICO states:
“…Personal data which have undergone pseudonymisation, which could
be attributed to a natural person by the use of additional
information should be considered to be information on an
identifiable natural person…”
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/
If leakage occurs pseudonymisation has achieved nothing.
That's another aspect of the question.
Thanks for the clarification,
Moreno.-