Real-time pseudonymisation
When you provide your process data directly to us, we can immediately pseudonymise the data as a trusted third party. In this way, you are never in possession of identifiable personal data in your own process.
Due to our validated process and technology, this method is in conformity with the requirements for expertly executed pseudonymisation which have been established by the Dutch Data Protection Authority (DPA). Real-time pseudonymisation can be implemented for location-based services and fraud prevention, among other things.
Trusted Third Party
As a trusted third party, we have no interest in the contents of the data. Because it is encrypted in various ways, we cannot access it. With the exception of meaningless pseudonyms, we do not retain encrypted data.
The pseudonyms are saved for an agreed-upon period of time in order to deliver the same pseudonyms in subsequent data deliveries within the same processing service. This enables our clients to conduct historical analyses or to archive data, even after the expiry of the retention period as mandated by law.
The distinct advantage of using a trusted third party for the pseudonymisation of data is that you can easily demonstrate to all your stakeholders (such as supervisory authorities and customers) that proper technical pseudonymisation takes place in your organisation, and that the process occurs outside the influence of your organisation.
When a Trusted Third Party is used, personal data analyses carried out by various organisations can be combined, all while respecting privacy.
De-pseudonymisation of personal data
The process of pseudonymisation can be made reversible. This means that the data can be converted back to the original (traceable) personal data using the key. This can be used at a time when significant results become visible during analyses and action has to be taken at the person or object level. Whether the importance of depseudonymisation is defensible under specific circumstances requires careful integral consideration. Significant results call for careful consideration and testing of the question of whether depseudonymisation of the data is desirable. This assessment takes place at the administrative level and must be supported by the board.