Dutch financial services company Rabobank is working with IBM to use cryptographic pseudonyms on its client’s personal data in order to comply with the new EU financial regulations General Data Protection Regulation (GDPR).
Desensitising the data will help Rabobank to use it for performance testing in the development of new technologies and services including mobile apps and payment solutions.
Set to come into effect from 25 May, GDPR aims to create a harmonised data protection law framework across the EU.
The regulation also looks to provide the citizens control over their personal data as well as impose strict rules on those hosting, moving and processing this data.
Rabobank delivery manager radical automation Peter Claassen said: “It’s critical for Rabobank to use data which is as close as possible to production during the testing phase, so when we go live, we are confident that our services will perform.
“Being able to test and iterate using pseudonymised data is going to unleash new innovations from our team bringing even more security, innovation and convenience to our clients.”
Under the collaboration with IBM, Rabobank has cryptographically transformed terabytes of its most sensitive client data which includes their names, birthdates and account numbers.
This process increases privacy by providing fictitious data to most of these identifying fields.
Fuerthermore, for GDPR, the data is also processed accordingly so that it can no longer be attributed to a specific data subject without the use of additional information.
IBM Research cryptographer Michael Osborne said: “IBM analytics software combined with our cryptographic desensitisation engine achieves pseudonymisation by converting the data into individual hash-based token keys which are completely impermeable today and in the future, even from a fault-tolerant quantum computer many years from now.”
Working for more than one year now, IBM and Rabobank have pseudonymised multiple key applications and platforms.