In early 2017, the Head of IT for a European municipal government was facing a dilemma. The supervisory authority with jurisdiction over data protection in his country had yet to publish explicit guidance on implementation of anonymisation, and pseudonymisation as it relates to GDPR. This municipality manages dozens of data bases that are used for processing personally identifying information of EU citizens, exactly the type of data and processing targeted by GDPR.
So he reached out to Y2X as we have rich experience with data protection issues across multiple countries and certified GDPR specialists on staff. We were able to offer guidance and insight into how other organisations were tackling the issue and on explicit guidance coming from supervisory authorities in other countries who’s preparation for GDPR is more mature. We were further able to guide this Head of IT in the design of the technical project and related change management steps required to implement it safely.