Rabobank’s unique approach to GDPR compliance

Rabobank, a Dutch bank, is taking a unique approach to GDPR compliance. Together with IBM Research, it will put a system in place that uses cryptographic pseudonyms.

As a quick reminder, May 25th is the date when GDPR, the General Data Protection Regulation, comes into effect. If you’re a multinational company, it’s absolutely crucial that you pay attention to this, as it will have a huge effect on the way you do business in the future.

To summarise, GDPR was designed to put more control in the hands of citizens. Specifically, it’s about them having a say in how their personal data is handled.

IBM will be using cryptography to transform Rabobank’s client data (terabytes’ worth of it, in fact). This method is all about using pseudonyms instead of actual data. For example, instead of directly spelling out the following:

– Birthdates
– Account numbers
– Names

Pseudonyms will substitute for them. It will look like real data is being used, but in reality, these data fields will contain pseudonyms or artificial identifiers.

Here’s the catch: in order to satisfy the GDPR requirements, it has to be impossible to associate the data with a person or a subject without the use of other information.

In technical terms, IBM’s tools are used to convert data into individual hash-based token keys. IBM Services and Rabobank have been partners for several years, working together on this pseudonym project. Recent data suggests that both platforms and applications have already been converted, with other bank functions and all payment applications already in the pipeline.
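The idea of hash-based pseudonyms that still look like real data can be sketched as follows. This is an added example, not IBM’s or Rabobank’s code: it assumes HMAC-SHA256 under a secret key that plays the role of the “other information”, and the function names, key and sample record are constructed for illustration.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed demo key. The key is the "other information": it is generated
# randomly and stored apart from the pseudonymised data set.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
EPOCH, DAYS = date(1900, 1, 1), 45000  # pseudonym dates fall in 1900..2023

def keyed_token(key: bytes, field: str, value: str) -> int:
    """HMAC-SHA256 of a normalised value; the field name separates domains."""
    msg = field.encode() + b"\x00" + value.strip().upper().encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")

def pseudo_name(key: bytes, name: str) -> str:
    return f"P-{keyed_token(key, 'name', name) % 16**12:012x}"

def pseudo_birthdate(key: bytes, iso_date: str) -> str:
    """Return another valid ISO date so downstream parsers keep working."""
    return (EPOCH + timedelta(days=keyed_token(key, "birthdate", iso_date) % DAYS)).isoformat()

def pseudo_account(key: bytes, account: str) -> str:
    """Replace the digits with keyed pseudo-random digits; keep letters and length."""
    k = sum(c.isdigit() for c in account)
    digits = iter(f"{keyed_token(key, 'account', account) % 10**k:0{k}d}") if k else iter("")
    return "".join(next(digits) if c.isdigit() else c for c in account)

def pseudonymise(key: bytes, record: dict) -> dict:
    return {"name": pseudo_name(key, record["name"]),
            "birthdate": pseudo_birthdate(key, record["birthdate"]),
            "account": pseudo_account(key, record["account"])}

def guess_birthdate(target, hash_fn):
    """Re-identification check: try every date in range against hash_fn."""
    for n in range(DAYS):
        candidate = (EPOCH + timedelta(days=n)).isoformat()
        if hash_fn(candidate) == target:
            return candidate
    return None

if __name__ == "__main__":
    rec = {"name": "J. Jansen", "birthdate": "1984-03-17",   # constructed record
           "account": "NL00BANK0123456789"}
    print(pseudonymise(DEMO_KEY, rec))
```

`guess_birthdate` shows why the hash has to be keyed: an unkeyed SHA-256 of a birthdate is recovered by trying every date, while the same check against a token made under an unknown key finds nothing. The digit substitution is one-way and can collide, so this is a teaching sketch of keyed pseudonyms rather than format-preserving encryption, and the output account number does not carry valid check digits.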