The Article 29 Working Party has said organisations should have a general obligation to "anonymise or pseudonymise" personal data when processing personal data if it is "feasible and proportionate" to do so, Out-Law.com reports. In its published opinion on the European Commission's proposed General Data Protection Regulation, the Working Party says the concept of pseudonymisation should be "introduced more explicitly." It also says data protection authorities should not be required to issue fines for breaches but rather that the power be "discretionary." The opinion also voices concerns surrounding the draft rules' clarity on jurisdiction and the breadth of mandatory data breach notifications.
If you want to comment on this post, you need to login.