GDPR - Is anonymizing sufficient to address right to erasure?

#1
Hypothetical situation:
You are collecting a bunch of customer account data, for example: name, address, items purchased, and dates of purchase.

Now a customer requests their data be erased.

Under GDPR (or any other privacy regulation), would it be sufficient to just anonymize their data (i.e. purge the name and address, but keep a history of purchased items), or do you have to necessarily purge everything related to the customer in response to such requests?
 

MrTetris

Starting to get Involved
#2
Once you delete name and address (and any reference that could link the order to the customer who placed it), the list of purchased items and addresses can be considered records from purchases dept. for your internal statistics, and not personal data anymore. So I would say that in this case you can keep a history of purchase items, but you need to pay attention that your anonymization is a real anonymization, and not just a pseudonymization. In other words, all personal data and links between orders and customers must be deleted.
 
#3
...but you need to pay attention that your anonymization is a real anonymization, and not just a pseudonymization. In other words, all personal data and links between orders and customers must be deleted.
Can you elaborate (or link to a good source) on the distinction between real anonymization and pseudonymization?

In my hypothetical example, we'd clear the name and street-address fields, but keep all the other data. This would include country, state, and city information of the address (because we'd like to keep data on what was sold & where).
 

dsheaffe

Involved In Discussions
#4
Pseudonymisation is a method where you substitute identifiable data with reversible consistent data (e.g., you update your records to change every 'John Smith' for 'Tom Jones'). With this method it is possible to reverse engineer the data back to the original information (if you know the substitution routine). To anonymise data is to destroy identifiable data (e.g., replacing 'John Smith' with different random characters for each instance). In your case, if you are actually deleting the names and addresses, then it would be anonymised.
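The distinction drawn in post #4, as an added example that is not part of the original thread: the same purchase records are processed once with a consistent substitution and once with a different random value per record, then checked for what can still be linked or recovered. The sample records, the key, the function names and the use of HMAC-SHA256 as the substitution routine are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample records: (name, street, city, item, purchase date).
ORDERS = [
    ("John Smith", "1 High St", "Leeds", "kettle", "2023-01-04"),
    ("John Smith", "1 High St", "Leeds", "toaster", "2023-02-11"),
    ("Ann Lee", "9 Mill Rd", "Leeds", "kettle", "2023-01-20"),
]
KEY = b"constructed-demo-key"  # stands in for the "substitution routine"

def _token(name, key):
    # Assumption: a keyed hash plays the role of the consistent substitution.
    return hmac.new(key, name.encode(), hashlib.sha256).hexdigest()[:12]

def pseudonymise(orders, key):
    """Same name always maps to the same token; street address dropped."""
    return [(_token(n, key), city, item, date) for n, _, city, item, date in orders]

def anonymise(orders):
    """Name and street destroyed; a fresh random id for each record."""
    return [(secrets.token_hex(6), city, item, date) for _, _, city, item, date in orders]

def linked_groups(records):
    """Sets of records that still share one id, i.e. one (unnamed) customer."""
    groups = defaultdict(list)
    for rid, *rest in records:
        groups[rid].append(tuple(rest))
    return [g for g in groups.values() if len(g) > 1]

def reidentify(records, key, candidate_names):
    """What a holder of the key and a list of names can recover per record."""
    lookup = {_token(n, key): n for n in candidate_names}
    return [lookup.get(rid) for rid, *_ in records]

if __name__ == "__main__":
    names = ["John Smith", "Ann Lee"]
    for label, recs in (("pseudonymised", pseudonymise(ORDERS, KEY)),
                        ("anonymised", anonymise(ORDERS))):
        print(label, "linked groups:", len(linked_groups(recs)),
              "recovered names:", reidentify(recs, KEY, names))
```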
 