People and organisations around the world are becoming more aware of data protection, and the European Union has introduced the General Data Protection Regulation (GDPR) to help people take control of their personal data and ensure that businesses benefit from a level playing field.
Organisations across the globe use big data widely to improve their business strategies. However, applying advanced analytics to this data carries a high risk, because it can expose sensitive information such as an individual’s contact number, age or gender. This puts the privacy of individuals at risk and even violates data protection laws.
General Data Protection Regulation
To avoid such a situation, many privacy-preserving data processing regulations have been introduced in the past, but it is only recently that companies have begun implementing them, owing to the increasing pressure of new privacy laws and regulations. For instance, the newly introduced General Data Protection Regulation (GDPR) by the European Union (EU) came into effect on May 25, 2018.
It is claimed to be the most important change in data privacy regulation in 20 years! In simple terms, with the implementation of GDPR, there is only one set of data protection rules for all companies operating in the EU, wherever they are based. On this, the European Commission website elaborates ‘stronger rules on data protection mean people have more control over their personal data and businesses benefit from a level playing field.’ One of the core highlights of GDPR is that the conditions of consent have been strengthened. This means that companies will have to ask permission from the individual before accessing their data.
Big data and GDPR
A paper titled ‘Privacy Issues and Data Protection in Big Data: A Case Study Analysis under GDPR’ further explains how the new reform will work in a ‘Big Data’ scenario. The GDPR regulates the collection, storage, and processing of personal data. Personal data are any data that can be linked to a specific person. This includes not only direct personal identifiers (e.g., full name, national ID number) but also indirect identifiers like phone numbers, IP addresses, or photos with identifiable people.
Data that do not include such identifiers are commonly regarded as anonymous and are outside the scope of GDPR. The results of big data analysis are very often statistical findings without direct links to specific individuals. Hence, a simple method to conform to all requirements of GDPR is to process only anonymous data. However, the definition of anonymity is not trivial. Even if directly identifiable parameters are removed from a dataset, it might be possible to re-identify single individuals by combining the dataset with other information. This approach to de-anonymization is called a background knowledge attack. GDPR, without giving a precise or concrete definition of anonymity, considers a dataset anonymous when re-identification is only possible with high effort or unlikely means.
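The point that removing direct identifiers does not by itself make data anonymous can be checked before a dataset is released. The following is an added example, not taken from the article or the cited paper: it uses k-anonymity (a standard measure the article does not name) over a constructed dataset, and the field names, quasi-identifier choice and generalization rules are assumptions.

```python
from collections import Counter

# Constructed sample: direct identifiers (name, national ID) already removed.
RECORDS = [
    {"age": 34, "gender": "F", "postcode": "10115", "diagnosis": "asthma"},
    {"age": 36, "gender": "F", "postcode": "10117", "diagnosis": "diabetes"},
    {"age": 31, "gender": "F", "postcode": "10119", "diagnosis": "asthma"},
    {"age": 52, "gender": "M", "postcode": "10243", "diagnosis": "hypertension"},
    {"age": 58, "gender": "M", "postcode": "10245", "diagnosis": "asthma"},
    {"age": 55, "gender": "M", "postcode": "10247", "diagnosis": "diabetes"},
]

# Assumed quasi-identifiers: harmless alone, identifying in combination
# with outside information (the "background knowledge" in the text).
QUASI_IDENTIFIERS = ("age", "gender", "postcode")


def _key(record, quasi_ids):
    return tuple(record[q] for q in quasi_ids)


def class_sizes(records, quasi_ids):
    """Count how many records share each quasi-identifier combination."""
    return Counter(_key(r, quasi_ids) for r in records)


def k_anonymity(records, quasi_ids):
    """Smallest group size: every record hides among at least k records."""
    return min(class_sizes(records, quasi_ids).values())


def unique_records(records, quasi_ids):
    """Records whose combination is unique, i.e. the ones most at risk."""
    sizes = class_sizes(records, quasi_ids)
    return [r for r in records if sizes[_key(r, quasi_ids)] == 1]


def generalize(record):
    """Coarsen age to a decade band and postcode to its first three digits."""
    decade = record["age"] // 10 * 10
    return {**record,
            "age": f"{decade}-{decade + 9}",
            "postcode": record["postcode"][:3] + "**"}


if __name__ == "__main__":
    print("k before:", k_anonymity(RECORDS, QUASI_IDENTIFIERS))
    print("unique before:", len(unique_records(RECORDS, QUASI_IDENTIFIERS)))
    coarse = [generalize(r) for r in RECORDS]
    print("k after generalization:", k_anonymity(coarse, QUASI_IDENTIFIERS))
```

A k of 1 means at least one person is singled out by the quasi-identifiers alone; generalizing the fields raises k at the cost of analytic precision.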
Data protection has become all the more important in today’s world where data is constantly evolving. Many other countries have incorporated data protection laws; however, the GDPR is considered to be one of the most effective. If you are from the EU, be assured that your data is in safe hands.