“Data deidentification has many benefits in the context of the EU General Data Protection Regulation. One of the recurring questions is whether consent is required to anonymize or deidentify data,” Khaled El Emam and Mike Hintze, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, write. They also note that Article 29 Working Party guidance sets a high bar for strong anonymization. Both approaches offer controllers and processors with powerful means to use and share data, sometimes including sensitive health data while remaining in compliance with the GDPR. Today, they’re hosting a two-hour Active Learning Day session on pseudonymization and anonymization under the GDPR. Earlier this year, they wrote this article on the topic for The Privacy Advisor.
If you want to comment on this post, you need to login.