| ENISA Guideline No 1 - November 2018: Recommendations on Shaping Technology According to GDPR Provisions - An Overview on Data Pseudonymisation82 | Section | Anonos BigPrivacy |
|---|---|---|
| Personal identifiers replaced with pseudonyms | 2.1.1 |  |
| Pseudonyms do not allow the direct derivation of personal identifiers | 2.1.1 | |
| Personal data can no longer be attributed to a specific data subject without the use of additional information | 2.1.2 | |
| Reversal of Pseudonymisation is non-trivial in absence of additional information | 2.1.2 | |
| Additional information kept separately using technical and organizational controls to limit access | 2.1.2 | |
| Pseudonyms applied to direct and indirect identifiers | 2.1.2, 2.1.3 | |
| Resistance against re-identification via singling out | 2.1.2, 2.1.3 | |
| Resistance against re-identification via linkage attacks | 2.1.2, 2.1.3 | |
| Resistance against re-identification via inference attacks | 2.1.3, 2.2 | |
| Anonymisation techniques used to further reduce the possibility of third parties inferring identity | 2.2 | |
| Single input results in a decoupled pair of outputs: pseudonymous data and additional information necessary to reidentify | 2.3 | |
| Identify of data subjects hidden in the context of a specific data processing operation | 2.3 | |
| Any recipient or third-party having access to pseudonymised data cannot trivially derive original data set and identity of data subjects | 2.3 | |
| Support for unlinkability across different data processing domains | 2.3 | |
| Support for accuracy by retaining access to both pseudonymised output and additional information necessary to reidentify | 2.3 | |
| Does not use Hashing without key or salt to generate pseudonyms | 3.2 | |
| Offers keyed hash function (HMAC, SHA2/3, 256+ bit keys) to generate pseudonyms | 3.3 | |
| Uses symmetric encryption to generate pseudonyms | 3.6 | |
| Offers tokens (randomly generated values) as pseudonyms | 3.6 | |
| ENISA Guideline No 2 - November 2019: Recommendations on Shaping Technology According to Data Protection and Privacy Provisions - Pseudonymisation Techniques and Best Practices83 | Section | Anonos BigPrivacy |
| Enables a Risk-Based Approach accounting for required protection and utility/scalability | Exec Summary | |
| Advances the State-of-the-Art | Exec Summary | |
| Complies with GDPR Definition of Pseudonymisation | 2 | |
| Utilizes one or more Pseudonymisation Functions | 2 | |
| Utilizes a Pseudonymisation Secret | 2 | |
| Has a Recovery Function for Pseudonymisation Functions | 2 | |
| Uses a Pseudonymisation Mapping Table | 2 | |
| Attack Resistance | 4.3 | |
| Pseudonymisation Secret Discovery Attack Resistant | 4.3.1 | |
| Re-Identification (Linkage) Attack Resistant | 4.3.2 | |
| Discrimination (Inference) Attack Resistant | 4.3.3 | |
| Brute Force Attack Resistant | 4.4.1 | |
| Dictionary Search Resistant | 4.4.2 | |
| Utility and Data Protection Maximization | 4.5 | |
| Pseudonymisation Techniques | 5.1 | |
| Does not make use of Counters | 5.1.1 | |
| Uses Cryptographic Random Number Generator | 5.1.2 | |
| Does not use Cryptographic Hash Function with or without salts, peppers | 5.1.3 | |
| Uses MAC - keyed hash (HMAC) | 5.1.4 | |
| Uses Symmetric Encryption | 5.1.5 | |
| Pseudonymisation Policies | 5.2 | |
| Supports Deterministic Pseudonymisation | 5.2.1 | |
| Supports Fully Randomized - RDDIDs - both row and field level | 5.2.3 | |
| Offers Recovery Function (Reversal of Pseudonymisation) | 5.4 | |
| Protects Pseudonymisation Secret | 5.5 | |
| Advanced Pseudonymisation Techniques | 5.6 | |
| Controlled Pseudonym Linkability | 5.6 | |
| K-Anonymity | 5.6 | |
| Aggregation/Generalization/Binning | 5.6 | |
| Rounding | 5.6 | |
| Masking | 5.6 | |
| Prefix/Suffix-Preserving Pseudonymisation | 6.2.1 | |
| Format Preserving Pseudonymisation | 7.4 | |
