Where GDPR Meets eDiscovery (2): The difference between Anonimization and Pseudonymization
In the former blog, we discussed storing archives that are often subject to regulatory requests or eDiscovery. The blog follows the ACEDS webinar “There is no Silver bullet to cover all GDPR requirements” (recording is available) about the great impact of the General Data Protection Regulation on how companies and government organizations manage digital information.
Redaction and anonymization are very practical and cost-effective means for GDPR-compliant storing of data repositories and archives that are often subject to regulatory requests or eDiscovery.
Anonymization and pseudonymization become crucial when you need to transfer data outside of the EU to respond to regulatory or eDiscovery requests. Or when parties outside of the European Union need to access data rooms in the EU for M&A, real estate or litigation reviews.
True anonymization however, poses a difficult standard for most organizations. With redaction, information is rendered anonymous, such that the data subject is no longer identifiable. A great deal of business data is useful only if the identifiers are intact (i.e., human resources), particularly in litigation and regulatory evidence.
With pseudonymization, data can no longer be attributed to a data subject. Additional information to identify is kept separate and subject to technical and organizational security measures. The identifiers, once reunited with the core data, must be safeguarded like any other Personal Data.
Try it yourself
With ZyLAB’s technology the cost of redaction and pseudonymization is significantly lower than manual work, also it is faster, better and smarter.
Sign up for a free eDiscovery software trial account and experience ZyLAB ONE eDiscovery, the most intuitive and sophisticated eDiscovery solution.