For some projects it’s important to have the data made available in a way that, for example, the same email address can be identified across many records.  

Pseudonymisation is a mechanism that is supported by the GDPR but it has it’s limitations (i.e. if the email address uses a standard hashing technique – it’s easy to perform a reverse lookup of that email address). 

Purple Seven provides an additional level of encryption to ensure that the email address has been altered in a way that is only known to Purple Seven BEFORE the hashing takes place.  

The encryption is unique to the project.  This means that if the data were to be compromised there is no possibility of reverse lookups being used thus ensuring that the data is secure.  This process is also applied to any data that could be used to identify a living person even if that data does not, directly, contain any PI.  

Data that has been pseudonymised is categorised as ‘Safeguarded data’.  

For other projects there is no requirement for the PI so this data is anonymised.  True anonymisation is more than simply removing PI from a customer record and we adhere to the principle that for data to be truly anonymised there must be no possibility for reverse engineering the data to append PI back (e.g. through a customer ID or similar).  

When data is anonymised it is categorised as ‘Open Data’ (as long as there is no commercially confidential information included in the data, in which case the data would be categorised as ‘Safeguarded’).  

Examples of Anonymised data are where data has been aggregated to a level with other patron records to a point where it becomes impossible to identify how a particular customer has behaved or any specific attributes about a particular customer.  

When sharing pseudonymised data with a data Sub Processor or Processor we perform a Privacy Impact Assessment (PIA).  The PIA will determine if the receiving company has data from that organisation from a separate project.  If they do, then consideration would be given to: 

1. The use of lookup values – could the data the receiving company holds be used to as a lookup to the data that is being provided?  If the answer is ‘Yes’, the lookup ID’s of that data will be pseudonymised. 
2. Data Retention – this is an important element of our privacy policies.  It’s important that we do not hold data for any period longer than is necessary to deliver the Statement of Work.