How to use a dataset in compliance with the GDPR?

In the last two years, humans have generated 90% of all data on Earth today. This is both an edifying and frightening statistic, which shows the extent to which the growth of data is exponential in our hyper-connected societies. Faced with these new challenges represented by the data market, various bodies are trying to regulate the uses and practices of this new digital gold. At the European level, this desire to control the use of data has materialized in the General Data Protection Regulation (GDPR), which is a list of laws and good practices that organizations must respect to protect users' data.

Voted in 2015, the GDPR is the result of several years of debate and exchange at European level. This regulation, which modernized the provisions of a 1995 directive on data protection on the Internet, aimed to "give citizens back control over their personal data, while simplifying the regulatory environment for businesses". If, with obligations such as the right to be forgotten, the user is able to regain control of his or her data, on the company side, the use of the latter has become increasingly complicated. Indeed, the legislation aimed at protecting users, in particular by obliging data masking during the exploitation and use of data, has complicated the task of organizations. The rules to be respected in order to use a dataset in compliance with the GDPR have become extremely numerous and demanding, to such an extent that it is often difficult for professionals to find their way around.

For organizations that have to collect, use and process data, it is imperative to ensure the protection of its users' information. The data usage phase is crucial since this is when the most critical leaks can take place and compromise the privacy of several thousand users. In fact, to avoid any problems, it is imperative to properly anonymize the dataset that is used. By anonymizing the data, the operating entity protects itself and also the users who have provided some of their personal information to the study.

Anonymization is an umbrella term for several distinct mechanisms able to anonymize data at different levels, rendering the identification of users impossible. Automated anonymization techniques allow organizations to exploit data sets in complete security, while protecting the privacy of their users and thus respecting the framework defined by the GDPR.