Guest Blog: GDPR and Anonymisation
This guest blog on GDPR and data anonymisation comes from Alan Ballany of Culture Republic.
Alan is their Strategic Planning Director and his role focuses on technology and systems infrastructure, internal resources and workflow and team development.
Culture Republic is a Scottish-based organisation who work with artists, producers, cultural organisations and creative businesses who want to better understand their audiences.
You can check out more of Culture Republic's GDPR resources here.
Anonymisation is an important concept for cultural organisations that want to analyse their audiences. This is particularly important for much of the research work we do with arts organisations, so we want to make sure all of our partners are very clear on what it means to anonymise data.
Currently, the ICO defines anonymisation as:
“…the process of turning data into a form which does not identify individuals and where identification is not likely to take place.”
GDPR will take a tougher stance by omitting the “not likely” part of the ICO’s definition. This means organisations will have to be more careful about how they ensure data is anonymous.
When you collect data about people and you want to use if for segmentation or other research, you will need to consider how to securely anonymise it, especially given the GDPR’s less forgiving definition of anonymisation. It is particularly important if you are working with an outside agency or if you plan to publish your data set.
Example
As we highlighted earlier this year, exciting new WiFi technology can allow museums to see how visitors interact with their exhibitions. This can give much more accurate results than traditional surveys, with resultant improvements to visitors’ experiences. But, as we pointed out, visitors will want to know their privacy isn’t breached when this kind of data is collected.
The goal is to make sure that no individual in the data set could be identified. In some cases, such as some rural post codes that have a very small number of households, this may require more than simply removing names. You will also need to check what you have consent to use their data for research or segmentation.
Get Personalised Support
If you have a question that isn't answered above, you can leave us a comment below and we'll do our best to answer. We’re also offering bespoke GDPR workshops for cultural organisations for £150 + VAT, so please drop Sarah an email if you're interested.