November 12, 2020
Data Minimization (GDPR): Are you doing it right?
The GDPR was the first data privacy law to introduce rights for data subjects over their personal data. These rights give data subjects significant control over their personal information: how it is used, whether it is sold to third parties, and so on. Among other rights, the regulation also empowers data subjects to object to the sale or processing of their data.
The GDPR laid the foundation for many of the privacy acts enacted close on its heels, such as the CCPA in California and the LGPD in Brazil.
Data subjects now have the ability to raise requests with organizations for the exercise of these rights, and these requests are referred to as Data Subject Requests (DSRs). They are not to be confused with Data Subject Access Requests (DSARs), which are a specific subset of the broader DSR. A DSAR is raised when a data subject exercises their Right to Access or Right to Information under the privacy regulation. A DSR, on the other hand, can be any request raised by the data subject that falls under the data subject rights offered by the privacy regulation. For instance, a request exercising the Right to be Forgotten would be classified as a DSR.
The privacy regulations also set guidelines on the time allowed to respond to a DSR. Organizations are therefore required to respond to DSRs in a timely and efficient manner if they are to remain compliant with the data privacy regulations.
One of the most fundamental rights provided by most data privacy laws is the Right to be Forgotten, under which a data subject can request to have their personal data removed so that third parties can no longer trace it.
The popular approach many organizations take in response to such a request is to delete the data record. However, deleting data leads to bigger problems, such as loss of database integrity. This might not be apparent at first, so let us examine it with an example.
A consumer, say David, makes a request to his bank to delete his personal information. The bank finds his data and deletes it. When it comes to auditing, the bank now has trouble tallying its records. It has the total amount, but it does not know how that amount was accrued, since it has deleted the transactional part of David's data and probably did the same with many other customers' data too. As a result of the deletion, database integrity has collapsed, and the bank is now dealing with this unforeseen issue. Suppose that, instead of deleting all of David's data, the bank had kept only the non-sensitive part of it, namely the amounts he transacted. It would then have retained the business value of its transactional data and would not have faced a problem auditing its transactions.
Hence, deletion is not a viable option. Companies must invest in a robust data minimization tool that helps them respond effectively to the Right to be Forgotten. Data minimization is an important principle covered in the GDPR. So, what does "minimize" mean? It means that data processing should use only as much data as is required to accomplish a given task. Additionally, data collected for one purpose cannot be repurposed without further consent.
How can tokenization help with data minimization?
Tokenization is the most effective data minimization technique, far more so than conventional methods like deletion.
Tokenization eliminates the drawbacks of deletion by replacing sensitive information with tokens that preserve the original format and maintain referential integrity. Tokenizing the sensitive part of a record while retaining its transactional part leaves the dataset securely de-identified, while the usefulness of the data within it is preserved.
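To make the contrast between deletion and tokenization concrete (the David scenario above and the referential-integrity point in this section), here is an added Python example that is not part of the original post and is not Mage's or iRetire's code. It assumes a simplified keyed tokenizer that maps digits to digits and letters to letters of the same case (a hypothetical illustration, not a standardized format-preserving encryption mode such as FF1) and a constructed ledger of three transactions. Tokenizing the same value always yields the same token, so rows for one customer still join, while the amounts stay untouched and the audit total is unchanged.

```python
import hmac
import hashlib
import string
from typing import Dict, List

# Constructed sample ledger: each row carries PII (sensitive) and a transaction amount (business value).
LEDGER: List[Dict[str, object]] = [
    {"txn_id": 1, "customer": "David Miller", "account": "40123456", "email": "david@example.com", "amount": 120.50},
    {"txn_id": 2, "customer": "David Miller", "account": "40123456", "email": "david@example.com", "amount": 79.99},
    {"txn_id": 3, "customer": "Priya Shah",   "account": "40998877", "email": "priya@example.com", "amount": 300.00},
]

SENSITIVE_FIELDS = ("customer", "account", "email")


class Tokenizer:
    """Deterministic, character-class-preserving tokenizer keyed with a secret (hypothetical scheme).

    Same (field, value) -> same token, so joins across rows keep working (referential integrity).
    Digits map to digits, letters to letters of the same case, and punctuation is kept, so column
    formats and lengths are preserved. Simplified for illustration; a production system would use a
    standardized FPE mode and an HSM-protected key.
    """

    def __init__(self, key: bytes):
        self._key = key
        # token -> original value, kept only for authorized re-identification during retention.
        self.vault: Dict[str, str] = {}

    def _keystream(self, field: str, value: str, needed: int) -> bytes:
        """Derive a per-(field, value) byte stream with HMAC-SHA256 in counter mode."""
        out = b""
        counter = 0
        while len(out) < needed:
            msg = f"{field}\x00{value}\x00{counter}".encode()
            out += hmac.new(self._key, msg, hashlib.sha256).digest()
            counter += 1
        return out

    def tokenize(self, field: str, value: str) -> str:
        ks = self._keystream(field, value, len(value))
        chars = []
        for ch, k in zip(value, ks):
            if ch.isdigit():
                chars.append(string.digits[k % 10])            # small modulo bias; acceptable here
            elif ch.isupper():
                chars.append(string.ascii_uppercase[k % 26])
            elif ch.islower():
                chars.append(string.ascii_lowercase[k % 26])
            else:
                chars.append(ch)  # '@', '.', spaces keep the shape of the field
        token = "".join(chars)
        self.vault[token] = value
        return token

    def shred(self, original: str) -> int:
        """Drop vault entries for an original value so its tokens can no longer be re-identified."""
        doomed = [t for t, v in self.vault.items() if v == original]
        for t in doomed:
            del self.vault[t]
        return len(doomed)


def retire_customer(ledger: List[Dict[str, object]], customer_name: str, tokenizer: Tokenizer):
    """Honour a Right-to-be-Forgotten request: tokenize the PII fields, keep the transactional ones."""
    retired = []
    for row in ledger:
        new = dict(row)
        if row["customer"] == customer_name:
            for field in SENSITIVE_FIELDS:
                new[field] = tokenizer.tokenize(field, str(row[field]))
        retired.append(new)
    return retired


def audit_total(ledger: List[Dict[str, object]]) -> float:
    """The auditor's check: the sum of amounts must survive the retirement unchanged."""
    return round(sum(float(r["amount"]) for r in ledger), 2)


if __name__ == "__main__":
    tok = Tokenizer(b"constructed-demo-key")   # constructed key for the demo
    retired = retire_customer(LEDGER, "David Miller", tok)
    for row in retired:
        print(row)
    print("total before:", audit_total(LEDGER), "after:", audit_total(retired))
    print("vault entries shredded for David's account:", tok.shred("40123456"))
```

Run as a script, the two David rows come out with identical tokens in the account column (so they still join), the account token is still eight digits, and the audit total is the same before and after. Calling `shred` afterwards removes the re-identification path for the account number while the ledger rows remain usable for reconciliation.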
Mage approaches the problem of inactive sensitive data with its industry-first data minimization solution, sensitive data retirement. With our solution, iRetire™, you can reduce the risk of carrying inactive sensitive data while maintaining the business value of your data.