Redact

After the appropriate tags have been assigned to the documents, you need to redact all personal data belonging to third parties and review all documents with the 01 DSAR Candidate tag. For instance, if a document set has the 03 Redaction 3rd Party PII tag attached to it, it means that the documents contain personal data relating to third parties and must be redacted.

The most essential step in handling an access request is the redaction of personal data belonging to third parties. It is very important to ensure that all such data are redacted before production of the documents. In this phase, you can begin to manually or automatically anonymize personal information. The purpose of anonymization is to prevent personal data from being inadvertently released. ZyLAB’s redaction feature enables reviewers to quickly and easily protect sensitive, privileged, or confidential information by hiding selected content.

Both anonymization and pseudonymization can be used for redaction.

Encrypting personal data can be done by replacing the real personal data with a pseudonym. The main difference is that pseudonymization is a reversible process, unlike anonymization. Also, the real person is identifiable with the proper key which makes the data still valuable for an organization. However, it also means the GDPR still sees pseudonymized data as personal data.

Removing the option for the data subject to be attributed to personal data within a document results in anonymization. The data is irreversibly altered, and it is impossible to detect if data relates to two, three or more people. The GDPR does not see it as personal data anymore.

The choice between anonymization or pseudonymization depends on many factors (the use case, degree of risk, the way data is processed within your company, etc.).