Data has become exponentially more valuable to businesses in the digital age. Some have coined the term "data is the new oil". What is certain is that the mass processing of data raises the question of personal data protection at a global scale. Privacy concerns have given rise to a multitude of regulations (the General Data Protection Regulation (GDPR) in Europe, Consumer Privacy Act in California, Personal Information Protection Act (PIPA) in Japan, Korea and Taiwan, Personal Data Protection Act (PDPA) in Singapore, Malaysia, Thailand and Indonesia, Personal Data (Privacy) Ordinance in Hong Kong, Cybersecurity Law (CSL) in China, to name a few). These regulations apply to all organizations, even the smallest. As a general rule, data anonymization has emerged as the preferred solution for many organizations. But what exactly is anonymization and how do I know if my organization is concerned?
Personal data: a wider area than you might think
According to the GDPR, personal data is “any information relating to an identified or identifiable person”. In other words, personal data is any information that directly or indirectly identifies a person. It can therefore be a name, a city of birth, but also a customer number, an email address, etc. Moreover, organizations must also be aware that an individual can be identified by cross-referencing data. This is therefore an important aspect that every organization must take into account when collecting or processing information.
The vast majority of organizations, regardless of their size, are required to process this type of information on a daily basis. The anonymization of data is therefore a real challenge. Whether it is simply a question of compliance with the law or the desire to protect their customers, organizations must protect the personal information in their databases.