A breakthrough in GDPR data analytics

Keeping analytics useful in a GDPR-driven world

By | 3 minute read | February 11, 2019

The European Union recently implemented its General Data Protection Regulation (EU) 2016/679 (GDPR) The regulation is an essential step to strengthen individuals’ fundamental rights in the digital age and facilitate business by clarifying rules for organisations in terms of processing of personal data.  This new regulation has created a challenge for many organizations in terms of how to maintain compliance  with the new data protection and privacy laws while continuing to use data for analytics.

As organizations explore how to use innovative solutions to protect individuals’ most sensitive data, there were some who saw this as also creating an opportunity to solve other challenges when doing analytics on customer data.

In March 2018, IBM and Mastercard founded Trūata, an independent company held via a trust structure to support companies with their GDPR requirements when doing analytics. The Trūata Anonymization Solution can help organizations make use of their data assets and drive business insights while still mindful of their GDPR requirements.

The solution is hosted by Trūata on the IBM Cloud and employs anonymization and analytics technologies developed by IBM and IBM Research.

Using privacy-by-design principles, Trūata built their solution based on four pillars:

  • A world-class technology platform1
  • Structural safeguards1
  • Legal safeguards1
  • Organizational controls1

A dedicated tech platform for data utility and customer privacy

For a sense of how Trūata can transform operations in a GDPR-driven world, consider the technology platform itself. It drives a whole host of compelling use cases in which an organization wishes to anonymize data without sacrificing its utility. One use that comes up often for clients is customer segmentation for marketing purposes.

This process has often relied on personal data to help companies measure and target to better understand and address the needs of individuals. However, using personal data for the purpose of analytics is now much more challenging under the GDPR, requiring in most cases that clients must obtain customer consent for such uses. Or, their data would ideally need to be anonymized and handled properly in line with their GDPR requirements. Some clients assume that the necessary steps for achieving true anonymization are too complicated and burdensome to be worth the trouble.

The Trūata Data Anonymization Solution can change that perception by taking deidentified client data and feeding this data through a secured connection into the platform, where it undergoes multiple deidentification steps before being fully anonymized and ready for analytics. Trūata is the independent controller for anonymizing the data and as such, is responsible for the anonymization process, thus mitigating the client’s noncompliance risk.

Organizations can then use tools available through the Trūata Analytics Suite to build business intelligence models, customer journey models and segmentation models and conduct A/B testing. Essentially, it can help with whatever business intelligence or data science models an organization requires.

The aggregated reports and model code are sent back to the clients’ data scientists and business users. Clients can then apply the aggregated reports and model code to their consented datasets to build accurate segmentation models for their marketing programs without compromising compliance.

Independent anonymization can protect the privacy of consumers by reducing the risk of reidentification to an insignificant level, enabling Truatas’ clients to act responsibly and ethically.

A trusted third party can help support compliance needs

By providing the technology and expertise to implement anonymization as well as acting as the data controller, Trūata offers clients a single solution designed to significantly reduce the organization’s liability risks related to GDPR compliance with regard to data analytics.

Visit the Trūata web site to learn more about this unique solution or engage with an IBM client representative to determine if it is the right solution for your organization.

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

1According to The Four Pillars of the Trūata Anonymization Solution