When the European General Data Protection Regulation (EU GDPR) came into force on May 25, 2018, companies were put under an obligation not only to be responsible in their handling of personal data, but also to provide special protection for it.
It distinguishes between personal data that allow conclusions to be drawn about real existing persons and other data whose processing as well as storage ensure the confidentiality of the data. Even though the GDPR does not make any specifications regarding the protection of data, it does list procedures that are to be used. These include Data masking and encryption.
But what exactly do these terms mean, and what are the differences between the individual procedures? The second blog post of our Libelle glossary deals with these mysteries and tries to bring light into the darkness.
Data masking is a special form of anonymization. Unlike anonymization, however, this process does not delete any data. Instead, the data basis is changed by alienating the data, i.e. replacing it with fictitious values. For example, random values or reference words are used instead of the original data. The key advantage is that the structure of the data and information is preserved.
The aim of data masking is to prevent the theft or misuse of data in databases or test systems accessible to third parties.
Encryption changes underlying data into an unreadable string. A key is needed to return the data to a readable form. In encrypted form, the data is protected from unauthorized access. It is also confidential, because only authorized persons who know the key are able to read the data. Encryption is well known and commonly used for data transfer. However, it is also used to protect archived data that is rarely accessed.
Libelle AG has developed Libelle DataMasking, a solution for the required data masking and encryption. The solution was designed to produce anonymized, logically consistent data on development, test and QA systems across all platforms.
The anonymization methods used deliver realistic, logically correct values that can be used to describe relevant business cases and test them in a meaningful end-to-end manner. Furthermore, developers as well as users are provided with a "clean" database with which they do not have to worry about data protection.