The most pressing response to the question of data protection at the moment may come in the form of the European GDPR (General Data Protection Regulation) that’s set to take effect next year, but we believe businesses outside the continent would be well advised to take heed. It’s unlikely that Europe’s new regulations in this area will be confined to any one geography.
Expect other regions to respond with statutes of their own given the growing debates about the privacy and the security of personal data worldwide, although each region’s regulations will likely have their own legislative flavour.
In simple terms, the challenge involved boils down to this; the source data related to any commercial or network activity or transaction needs to be protected in such a way that it can’t be linked back to the underlying customer, thus protecting anonymity and limiting misuse of personal information. Theoretically, there may be a lot of ways this can be achieved and a lot of points in the data capture and processing chain that anonymisation could be effected but our belief is that it makes the most sense when enacted as close as possible to the source.
Our approach at DigitalRoute, Data Masking, was introduced in our last blog. To expand a little further, I think its key benefits include.
As I think I’ve just invented at least one new word, let me explain. “Deployability” refers to the fact that the Data Masking functionality (which comes in the form of a self-contained “agent” or set of functions within the product) can be easily deployed inline, anywhere in our data integration and management processing chain. Put another way, it’s “drag and drop” which makes for speed and ease of deployment.
Flexibility refers to the degree of user configurability that data masking gives the customer. In other words, you are not limited to one variety or approach to anonymisation; you can tailor how you anonymise data according to the given set of individual requirements relevant to your situation.
What we believe is particularly advantageous in our approach is that data that falls under GDPR (or any other regulatory requirement) is encrypted (or de-crypted) before it reaches the enterprises large data repositories. Once it’s there, meeting the requirements of GDPR later in the chain becomes considerably more difficult. These repositories may be on premise or in the Cloud or even, most importantly with the question of security in mind, distributed to third parties. The point here is that compliance is achieved early enough and close enough to the data source that subsequent actions or requirements on the collected data can be responded to quickly.
I would encourage you to get in touch if you have any questions about how your company is going to respond to GDPR or any other similar regulatory requirements related to data security. Companies will have much to address in this area over the next twelve months and our flexible data masking technology can be deployed quickly to address different Use Cases in different ways. Click the link below if you’d like to learn more, or have a direct conversation on the subject.
Read the next blog post in this series: