Recommendations on shaping technology according to GDPR provisions
An overview on data pseudonymisationAutor(es):
European Union Agency for Network and Information Security
Editor: Attiki, Greece ENISA november 2018Edición: Prokopios Drogkaris ; Athena BourkaDescripción: 43 pTipo de contenido: texto (visual)Tipo de medio: electrónico
Tipo de soporte: recurso en líneaISBN: 978-92-9204-281-3 Tema(s): Tecnologías habilitadoras digitales | computer network | data protection | data-processing law | digital technology | information storage | information technology | Internet access provider | mobile phone | protection of privacy | regulation of telecommunications | softwareRecursos en línea: Acceso a la publicación Resumen: Pseudonymisation is an established and accepted de-identification process that has gained additional attention following the adoption of the General Data Protection Regulation (GDPR), where it is referenced as both a security and data protection by design mechanism. As a result, in the GDPR context, pseudonymisation can motivate the relaxation to a certain degree of data controllers’ legal obligations if properly applied. In this report, we present an overview of the notion and main techniques of pseudonymisation in correlation with its new role under GDPR. In particular, starting from the definition of pseudonymisation (as well as its differences from other key techniques, such as anonymization and encryption), the report first discusses its core data protection benefits. Following this analysis, the report then addresses some techniques that may be utilised for pseudonymisation, such as hashing, hashing with key or salt, encryption and other cryptographic mechanisms, tokenization, as well as other relevant approaches. Last, certain pseudonymisation use cases and best practices are discussed, focusing especially on the area of mobile apps and revisiting some of the earlier discussed techniques. Although the report does not seek to conduct a detailed analysis of the different aspects related to specific pseudonymisation methods and implementations, it touches upon some of the key issues in this regard. However, further research is needed, as well as practical experience, involving all stakeholders in the field
Tipo de ítem | Ubicación actual | Colección | Signatura | Estado | Notas | Fecha de vencimiento | Código de barras |
---|---|---|---|---|---|---|---|
Informes |
CDO
El Centro de Documentación del Observatorio Nacional de las Telecomunicaciones y de la Sociedad de la Información (CDO) os da la bienvenida al catálogo bibliográfico sobre recursos digitales en las materias de Tecnologías de la Información y telecomunicaciones, Servicios públicos digitales, Administración Electrónica y Economía digital.
|
Colección digital | Acceso libre online | 1000020175276 |
Contiene bibliografía
Pseudonymisation is an established and accepted de-identification process that has gained additional attention following the adoption of the General Data Protection Regulation (GDPR), where it is referenced as both a security and data protection by design mechanism. As a result, in the GDPR context, pseudonymisation can motivate the relaxation to a certain degree of data controllers’ legal obligations if properly applied. In this report, we present an overview of the notion and main techniques of pseudonymisation in correlation with its new role under GDPR. In particular, starting from the definition of pseudonymisation (as well as its differences from other key techniques, such as anonymization and encryption), the report first discusses its core data protection benefits. Following this analysis, the report then addresses some techniques that may be utilised for pseudonymisation, such as hashing, hashing with key or salt, encryption and other cryptographic mechanisms, tokenization, as well as other relevant approaches. Last, certain pseudonymisation use cases and best practices are discussed, focusing especially on the area of mobile apps and revisiting some of the earlier discussed techniques. Although the report does not seek to conduct a detailed analysis of the different aspects related to specific pseudonymisation methods and implementations, it touches upon some of the key issues in this regard. However, further research is needed, as well as practical experience, involving all stakeholders in the field
No hay comentarios en este titulo.