GDPR: Use only the data you need
As the dust on GDPR has settled, the conflict grows as to the balance of finding insights while maintaining data privacy. Martin Fowler writes about Datensparsamkeit which he loosely defines as “data frugality”. Anyone who’s already dealt with privacy laws in Germany can relate, but with the onset of GDPR and the growing concerns of the ethical obligations and bounds of data usage, this article introduces apt compromises one can consider to strike a proper balance.
There are many approaches to maintaining the privacy of associate information and still achieving analytical goals:
- Consider aggregating data right as you pull from your HRIS. Doing so removes any potential risk of exposure. A well-defined objective sets the level of detail properly at the outset.
- Allow anonymous survey responses to remain anonymous. Strip away any identifiable information straight away. It also avoids the pressure when a Director, even one in HR, asks to see the responses from their reports.
- Hat tip to Martin Fowler for his idea:
Datensparsamkeit suggests that you shouldn’t store the IP address directly, perhaps instead you should hash it and only store the hash.
consider applying hashes to personally-identifiable information that still can be used in analysis, but in a safely anonymized form.
As I’ve spent more and more time using HR data, I’ve grown more comfortable with less. Having worked with many business teams, notably marketing, that thrive on ‘more is more’ – with people data less is often appropriate. Firstly the goal is to respect the data of actual people, which is becoming more and more rare, and after that – remain legally compliant. You can do both.