Member-only story
Data Obfuscation will not Anonymize You
Data obfuscation is a key concept of GDPR and other data privacy laws in general, but it doesn’t anonymize you as a person. Here is why, based on science.
I am in data domain more than a decade and currently working as Principal Data Engineer. I applied GDPR to 3 companies from scratch, and I am expert on data privacy topics.
It is always a discussion what to do in technical way. There are several approaches if you would like to build your own privacy tools/procedures as well as products that they are following their own way. One of the biggest downsides of GDPR is that it is only a rule-set. It doesn’t specify which hashing algorithms you need to use, which length they should be etc. GDPR tries to give some flexibility to the companies, but it becomes one of the sweet spot for customer data if data obfuscation (some places calls as data masking, data hashing) is not performed properly.
Legal Base
Recital 26 of the GDPR states that the principles of data protection should apply to any information, “concerning an identified or identifiable natural person.” Hence, the principles do not apply to anonymous information or to personal data through which the subject is not identifiable.
