The General Data Protection Regulation introduces the concept of “pseudonymised data” as a preferred solution for the use of personal data outside the production environment.
Pseudonymisation is a procedure in which an algorithm replaces identifying data with encrypted data (the pseudonym). The algorithm always produces the same pseudonym for a given individual, so information about that individual, including from different sources, can still be combined. Pseudonymisation is reversible, so pseudonymised data is still personal data that falls under the GDPR. Pseudonymisation does reduce the risk of data misuse in the event of a data breach, because you need to know how the algorithm works. Anonymisation is an irreversible process in which personal data are replaced by anonymous data.
ODMS: Ordina Data Migratie Straat
Ordina has the right expertise and the solution you need if you want to make your IT landscape compliant with the regulations on non-production systems. The Ordina Data Migratie Straat (ODMS) is a tool set up by Ordina for data migrations. ODMS is independent of the source technology so that it can be used on all databases. This future-proof solution is ISO-27001 certified and is offered to various customers as a service. We make continuous improvements to ensure compatibility with the latest standards.
ODMS is supplemented with algorithms for (homomorphic) encryption developed by COSIC. Since both tools use the same algorithms, referential integrity can be guaranteed. The cryptographic library of the COSIC research group contains encryption, hashing and MAC algorithms, as well as format-preserving encryption (FPE) and randomization tools.
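The sketch below is an added illustration, not code from Ordina, ODMS or the COSIC library: a deterministic, reversible, format-preserving pseudonymiser for digit strings, showing why using the same algorithm and key on two sources keeps their joins (referential integrity) intact. It assumes a simple HMAC-based Feistel construction chosen for illustration, not a standardised FPE mode; the key, IDs and tables are constructed.

```python
import hashlib
import hmac

ROUNDS = 10  # even, so both halves end in their original positions

def _f(key: bytes, i: int, n: int, half: str) -> int:
    # Keyed round function: HMAC-SHA256 over round number, total length, other half.
    msg = bytes([i, n]) + half.encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")

def _split(digits: str):
    # Very short inputs have a tiny domain and are easy to enumerate; 2 is only the
    # minimum this construction can process, not a safe length.
    if not (digits.isascii() and digits.isdigit() and 2 <= len(digits) <= 255):
        raise ValueError("expected 2 to 255 ASCII decimal digits")
    u = len(digits) // 2
    return digits[:u], digits[u:], u, len(digits) - u

def pseudonymise(key: bytes, digits: str) -> str:
    a, b, u, v = _split(digits)
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else v
        c = (int(a) + _f(key, i, u + v, b)) % 10 ** m
        a, b = b, str(c).zfill(m)
    return a + b  # same length, still all digits

def reidentify(key: bytes, pseudonym: str) -> str:
    a, b, u, v = _split(pseudonym)
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else v
        c = (int(b) - _f(key, i, u + v, a)) % 10 ** m
        a, b = str(c).zfill(m), a
    return a + b  # only the key holder can undo the mapping

def demo():
    key = b"constructed-demo-key"  # constructed; a real key stays outside the test system
    customers = {"10000000001": "Antwerp", "10000000002": "Ghent"}  # constructed rows
    orders = [("10000000001", 40), ("10000000002", 15), ("10000000001", 5)]
    p_customers = {pseudonymise(key, k): v for k, v in customers.items()}
    p_orders = [(pseudonymise(key, k), amount) for k, amount in orders]
    # The join still works: the same ID maps to the same pseudonym in both tables.
    joined = [(p_customers[p], amount) for p, amount in p_orders]
    return p_customers, p_orders, joined

if __name__ == "__main__":
    print(demo())
```

Because `reidentify` recovers the original ID for anyone holding the key, the output remains personal data; protection rests on keeping that key out of the non-production environment.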
Do you know what types of personal data you process, on what basis they are processed, where this information is located, who uses it or has access to it? What protection have you provided or what protection have your suppliers provided, such as cloud suppliers, accountants, social secretariat, marketing or communications agency, IT suppliers, call centres, etc.?
What further steps do you need to take (in terms of training your employees, improving the IT & application environment, clauses in your supplier contracts, etc.) in order to be compliant with GDPR?