On 7 March 2022, the Information Commissioner’s Office (ICO) issued the fourth chapter of its draft guidance on “Anonymisation, pseudonymisation and privacy-enhancing technologies” and opened a public consultation on the draft until 16 September 2022. The fourth chapter specifies the governance and transparency measures to take when pursuing anonymisation processes. The chapter explains how to use Data Protection Impact Assessments (DPIAs) to limit re-identification risks in the case of data breaches. Particularly, organisations should establish appropriate governance structures, appoint dedicated members to oversee anonymisation procedures, clarify the purpose for anonymising personal data and coordinate with other organisations.
Original source