Many SaaS suppliers use personal data, collected on behalf of SaaS customers, in an anonymised form for their own purposes, such as benchmarking. The UK Information Commissioner’s Office (ICO) Anonymisation Code and more recently the Article 29 Working Party’s Opinion on Anonymisation provide guidance on how to check that personal data is actually anonymous.
If you are a SaaS provider using anonymised personal data you should comply with the recommendations in these two guides, to ensure that you are properly anonymising data, otherwise you could be found to be using personal data in breach of the DPA.
Continue reading