The Department of Digital Policies and Public Administration and the Center of Excellence in Big Data of Barcelona (Big Data CoE) have presented the report “Good practices for sharing personal data in the new data economy”, Which provides guidelines for the proper processing of personal data and its anonymization in technologically complex environments such as Big Data.
With this publication, the Government wants to facilitate the development of the new data economy in order to make the most of the opportunities it offers both in the business and innovation fields and in the social field. Therefore, it gives tools to companies and organizations to successfully face the challenge of applying the new European regulation of personal data without jeopardizing this potential.
The report compiles procedures, technical measures and bibliography to help comply with the new data regulations and proposes a set of recommendations for all organizations that have to deal with large volumes of data.
These recommendations include respect for the principles of loyalty and transparència, responsibility for processing, responsible research and innovation and pursuing a legitimate interest and in accordance with the uses proposed in the document.
It is also advisable to carry out a data protection impact assessment that demonstrates that the processing to be carried out does not pose a risk to privacy, and emphasizes commitment to procedures and good practices for collecting personal data and information that is provided to the public and stakeholders.eressats.
Likewise, the report recalls that it is necessary to guarantee the rights of the interesissues such as the right to be forgotten and the portability of your personal data, and advises having a Data Protection Officer, especially when dealing with large volumes of data.
To facilitate decision-making for data controllers in organizations, the report recalls the need to follow the recommendations of ENISA (European Union Agency for Network and Information Security) on security and privacy, and proposes a procedure action based on an iterative anonymization process that will always require passing a re-identification test.
