BLOGS BY TOPIC▼
BLOGS BY AUTHOR▼
BLOGS BY YEAR▼
Posted by David Wakefield on 18 June 2018
You need a minimum screen resolution of about 700 pixels width to see our blogs. This is because they contain diagrams and tables which would not be viewable easily on a mobile phone or small laptop. Please use a larger tablet, notebook or desktop computer, or change your screen resolution settings.
How to get the custodians of your data to give you access!
Nearly every article about GDPR emphasises its restrictions; this blog looks at what it doesn't stop you doing!
Paralysed by fear?
At the moment many analysts around the country are sitting twiddling their thumbs, because someone higher up the chain is blocking access to the vital corporate data which their business relies on. There is a lot of misinformation about those regulations, which this blog tries to correct.
One of the most pernicious bits of misinformation is that data can only be processed with consent. There are actually six reasons you can process data. This blog strips away the jargon from the most important: legitimate interest.
The concept of legitimate interest
Legitimate interest is the broadest of the six exemptions allowing you to process data. The legitimate interest can be for your own company's selfish reasons: no one says this has to be for the greater good. Here are a couple of examples of legitimate interest:
|Type of organisation||Example of legitimate interest|
|Commercial organisation||if you think analysing data can increase your sales.|
|Health trust||If you think analysing data may enable you to allocate resources better.|
Of course, if you're analysing the data for illegitimate reasons like planning to commit a crime that wouldn't be acceptable. But you probably already knew that ...
Are there restrictions on what data you process?
Now we've established that processing data for legitimate reasons is lawful, should there be any restrictions on the data you process? If you're analysing data and looking for patterns you won't know what is important until you have finished the analysis, so potentially names, addresses, dates of birth and genders could all be important: as long as you have a legitimate reason at the start to think the data may be important then you should use it.
Is there any data you should not use? No, but be very careful about "sensitive data" (this includes information on religion, political affiliation, sexual preferences, criminal records and the like). You can normally use this data, but you should get legal advice before doing so.
Who can I let see the data?
Suppose that you lead a team of analysts. If you want them to analyse data, then you can let them see it. Once you have finished the analysis, provided that the data is summarised and no one can be identified then you can let anyone see it.
If people can still be identified, then consider anonymising the data (for example, by just using people's initials or by using just part of a postcode).
You could use SQL expressions, Excel formulae or VBA macros to do this.
If the person you are presenting the data to is part of your organisation and has the same legitimate interest as you, then they too can see the un-anonymised data.
Can I sell the data?
No - this is not considered a legitimate interest. You can, however, sell the anonymised data or the aggregated analysis. If you have the subjects' consent you may be able to sell the raw data, but you would have to obtain this consent before processing the data.
GDPR doesn't have to paralyse economic activity. Remember that most articles on the subject have a vested interest in making it sound scary (whether to sell more papers, get more clicks or sell more consultancy). I'll leave the last words to Baruch Spinoza, the 18th century Dutch philosopher: