GDPR data anonymization

Last modified by matto on 2018/05/24 09:12

 

Disclaimer: the following information is purely informative, and I disclaim any legal or other kind of responsibility for the actions you take based on it.

The following data are Personally Identifiable Information (PII) according to the GDPR (European General Data Protection Regulation). This means that you should prove that you have the user's consent to store such information.

Here are a few notes on how to cope with data stored in your DB, especially:

  • name and surname
  • email
  • IP address

The fact is that there are TONS of this data in typical DBs. In the past, IP addresses were used in so many places, and emails as well.

Making a DB dump

One of the easiest ways to check the content of your whole database is to make a DB "dump" (export).

Then you should review this file to see whether it contains any PII.

You might find that there are many tables which store PII but are not needed anymore.

According to the GDPR, this data should be erased. You can erase the content of a whole table, or just individual records.

Checking if data you store are still needed

You should go through the DB tables and check whether you still need old information that is considered PII.

First of all, you should prove that you have a legal basis for storing such information. If there is no legal basis, you should prove that the user has given you consent to store this kind of information solely for this purpose. If you don't have this kind of consent, you should either obtain it, or you must REMOVE this information from your system.

Finding and replacing IP address

Regular expression to find an IP address:

\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b

You can simply replace it with:

x.x.x.x

Finding and replacing email

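Regular expression to find an email address (match case-insensitively; the final part accepts two or more letters so that longer top-level domains are matched in full):

[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}

You can simply replace it with:

email@anonymized.com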
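The dump review and the two replacements described above can be combined in one pass. This is an added example, not code from the original page: it applies the page's IP pattern and an email pattern like the page's (compiled case-insensitively, top-level domain of two or more letters) and counts replacements per table so you can see which tables hold PII. The function name, the sample dump and the assumption of mysqldump-style INSERT INTO statements are illustrative.

```python
import re
from collections import Counter

# The page's IPv4 pattern, unchanged.
IP_RE = re.compile(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")
# Email pattern like the page's; IGNORECASE because it lists only A-Z.
EMAIL_RE = re.compile(r"[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}", re.IGNORECASE)
# Assumption: the dump uses mysqldump-style "INSERT INTO `table`" statements.
INSERT_RE = re.compile(r'INSERT INTO [`"]?(\w+)[`"]?', re.IGNORECASE)

# Constructed sample dump (documentation IP ranges and example domains).
SAMPLE_DUMP = """\
CREATE TABLE `users` (id INT, name VARCHAR(64), email VARCHAR(128));
INSERT INTO `users` VALUES (1,'Jane Doe','Jane.Doe@example.com'),
(2,'John Roe','john@mail.example.online');
INSERT INTO `access_log` VALUES (1,'192.0.2.10','GET /'),(2,'198.51.100.7','POST /login');
INSERT INTO `settings` VALUES ('version','2.4');
"""

def anonymize_dump(lines):
    """Return (anonymized_lines, hits); hits counts replacements per (table, kind)."""
    hits = Counter()
    out = []
    table = "(unknown)"  # lines seen before the first INSERT statement
    for line in lines:
        m = INSERT_RE.search(line)
        if m:
            # Remember the table so continuation lines of a multi-row
            # INSERT are still attributed to it.
            table = m.group(1)
        line, n_email = EMAIL_RE.subn("email@anonymized.com", line)
        line, n_ip = IP_RE.subn("x.x.x.x", line)
        if n_email:
            hits[(table, "email")] += n_email
        if n_ip:
            hits[(table, "ip")] += n_ip
        out.append(line)
    return out, hits

if __name__ == "__main__":
    cleaned, report = anonymize_dump(SAMPLE_DUMP.splitlines())
    for (tbl, kind), count in sorted(report.items()):
        print(f"{tbl}: {count} {kind} value(s) replaced")
    print("\n".join(cleaned))
```

Names and surnames have no fixed pattern, so the per-table report only tells you where to start looking for them.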

 

Created by matto on 2018/05/24 08:25
    
CodeGravity.com ©