GDPR
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area that went into effect on 25th May 2018. The main purpose of GDPR is to give control to citizens and residents of the EU over their personal data.
All companies and similar enterprises in the European Union must follow the requirements of GDPR that pertain to the processing of personally identifiable information (PPI). PPI is information that can be used on its own, or in conjunction with other information, to identify, contact or locate individual people, such as an individual’s name, social security number, date of birth, and medical/educational/financial/employment information. All business processes that handle personal data must now be built with “data protection by design and by default”, which means that personal data must be stored using pseudonymization or full anonymization, and the most secure privacy settings available must be used. Additionally, this data must not be made available publicly without explicit, informed consent, and cannot be used to identify a data subject without additional information that is stored separately. Personal data must not be processed unless it is done so under a lawful basis specified by GRPR, or with the unambiguous and individualized consent of the data subject - which can be revoked at any time.
Pseudonymization and Anonymization
Pseudonymization is a data management procedure that replaces individual-specific information fields in a data record with artificial identifiers, or pseudonyms. This procedure secures sensitive information whilst retaining the option of using the documents in which it is located for data analysis and data processing. Pseudonymized data can be restored to its original state with the addition of information which then allows individuals to be re-identified.
Anonymization takes pseudonymization a step further, and either encrypts or removes personally identifiable information from data records – thus rendering anonymous the people whom the data describes. The United States Justice Department describes anonymization as ‘technology that converts clear text data into a nonhuman readable and irreversible form, including preimage resistant hashtags and equipment techniques in which the decryption key has been discarded.”
Pseudonymization and anonymization are the most common methods that companies and similar enterprises have utilized in order to meet the requirements of GDPR.
Can I use PDF-XChange Editor to Pseudonymize/Anonymize Documents?
Yes – PDF-XChange Editor contains a customizable Redaction Tool that is very simple to use and can either pseudonymize or anonymize documents as desired. The Redaction Tool not only ‘blacks out’ the location of sensitive document data – rendering it visually secure – it also permanently removes the information from the document’s underlying code and metadata, and thereby ensures absolute compliance with the regulations of GDPR. The Redaction Tool fills areas marked for redaction with black fill by default, but it can be customized to use pseudonyms instead as desired. The images below detail a sample document before and after redaction has been performed:
Further information on the Redaction Tool and its customizable settings and features is available here.
You can contact us by phone, email or our social media accounts — we are here to assist you.