Data Anonymization: A Key Step To Achieving GDPR Compliance

Digital innovation has the ability to transform and improve the way we live, work, and communicate. However, there is an immense amount of data being collected to achieve modern innovation and privacy concerns are at an all-time high due to the lack of clarity many individuals have regarding data collection, storage, and processing of their personal data. To address public concerns and pave the way towards safe and secure digital innovation, there has been a noticeable increase in privacy-related regulations globally, including the GDPR in Europe, CCPA in California, CSL in China and APPI in Japan.

Privacy laws in the EU

For organisations operating within the EU or that are processing data of people in the EU, the GDPR, introduced in May 2018, is the key requirement they must comply with. The data controllers and processors are obligated to implement privacy and data protection mechanisms that not only guarantee that data is secure, but that the data is collected, handled, stored and processed in a transparent and safe manner.

One of the key recommendations set by the GDPR for organisations is the encryption and/or total anonymization of personal information that is collected. This process includes proactively locating where personal information is stored, and anonymizing that information so that it can no longer be traced back to an individual.

In the real world: When does data collection occur?

The deployment of autonomous vehicles hinges upon training the ADAS (Advanced Driver Assistance Systems) and ADS (Automated Driving Systems) for its decision-making process while it is on the road. This requires a large amount of training data that is extracted from real-world footage which inevitably includes personal information — namely license plates and faces of individuals. The organisations, in their function as data controllers, must ensure the proper processes are in place to secure all personal information gathered from field collection. To train autonomous vehicles globally with data collected in the EU, organisations must anonymize the data before it is used to train ADAD and ADS systems.

Figure 1: Autonomous vehicle driving with sensors

Similarly, smart city applications used to enhance infrastructure and manage resources, also fall under the scope of GDPR due to the massive amount of data that is collected, for example, through surveillance using CCTV footage. Surveillance is necessary to collect data to enhance a city’s safety and security by allowing authorities to detect problems rapidly. Despite the necessity of data surveillance for the smart city, it is still important for organisations to be transparent and compliant with privacy regulations. Therefore, anonymization plays a role in helping organisations continue to enforce public safety measures while adhering to GDPR regulations and privacy laws.

Figure 2: CCTV surveillance on highways

NavInfo Europe’s Anonymization solution

NavInfo Europe specializes as a data processor within the GDPR framework, and helps companies meet the requirements through our anonymization solution. Our in-house developed AI-based anonymization models can detect and blur face and license plate information from all types of visual data, rendering the information unrecognizable. Our deep learning algorithms enable high-speed, high-precision anonymization for quick turnaround of blurred, anonymized data. Supported by our integration experts, we can deploy our anonymization solutions on-edge, on-premise, or on-cloud. We facilitate a broad variety of integration options.

In addition to our anonymization model, we offer organisations the infrastructure for GDPR compliant data handling and perform quality control and monitoring throughout all data processing procedures. This includes assigning a Data Protection Officer to monitor GDPR compliance, regularly validating the output and managing incident reporting. Our GDPR compliance services also offer consultation regarding GDPR regulations, processes, and documentation, such as the Data Processing Agreement, required in Europe.

Want to learn more?

NavInfo Europe’s GDPR compliance service offers the anonymization solution as a way for organizations to continue performing their operations that require data collection by freeing visual data from personal information.

Curious and want to learn more about what we can do for your organization? Get in touch and our team will get back to your promptly.