The Development Regulation of the LOPD is called RLOPD which was approved by Royal Decree 1720/2007 and it emerged as a framework for the development of the mandates contained in the Organic Law 15/1999 Protection of Personal Data as well as in the European Directive 95/46 THIS.
When it comes to Big Data, there are no specific rules that regulate it. Nevertheless, is the law 15/1999 and the General Data Protection Regulation (RGPD, known as GDPR), the legislative framework to apply.
Big data involves the processing and management of large amounts of data. Among them there is a large amount of personal data. This can mean great benefits for the companies and organizations that use them., but it also implies security risks that can go against the RLOPD. To minimize them special attention should be paid to:
- the quality of the data used
- its conservation
- the storage
Measures to take into account for compliance with the RLOPD
To take full advantage of the potential of Big Data and its analytical tools, it is essential that citizens feel safe and confident. They must be convinced that compliance with the RLOPD is impeccable. They must be convinced that their data is protected and that if they decide to keep it private, that will be true.
If there are privacy risks, must have been evaluated from the beginning and measures must be taken to mitigate them. Ensure that Big Data conforms to the RLOPD..
There are different strategies that can be put in place to avoid risks to the Privacy:
- Data minimization. The amount of personal data should be limited as much as possible.
- Maximize aggregation. Personal data should be processed as much as possible, minimizing details as much as possible.
- Hide data. Personal data and its interrelationships must be protected so that users cannot see them.
- Distribute the data. Data must be processed in separate environments, distributing them whenever possible.
- Transparency. All those who have personal data that are going to be processed must be adequately informed.
- Control. Those who have personal data included in big data must be able to know what is done with them and exercise their rights.
- Compliance. The privacy policy that best suits legal requirements must be complied with.
- Demonstration. Compliance with privacy policies or any legal requirement must be demonstrated.
Different techniques can be used to cover these privacy strategies, including:
- Anonymization. Used for the first two strategies, data minimization and aggregation maximization.
- Encryption. To hide data, distribute or separate them.
- Access control. For transparency and control.
- Traceability. Used for the last two strategies, compliance and demonstration.
Let's see the phases of big data in which each of these privacy strategies should be used as well as the techniques to use:
- Acquisition and collection phase:
- Data minimization
- Select before buying
- EIPD
- Maximize aggregation
- Source source anonymization
- Hide data
- Transparency
- Control
- Mechanisms for obtaining consent
- Analysis and validation phase:
- Maximize aggregation
- Anonymization techniques
- Hide data
- Encryption tools
- Storage phase:
- Hide data
- Encryption tools
- Authentication and access control mechanisms
- Distribute the data
- Distributed storage / decentralized
- Exploitation phase:
- Maximize aggregation
- Anonymization techniques
- All phases:
- Compliance and demonstration
- Policy definition
- Traceability of actions
- Compliance tools
(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = “//connect.facebook.net/es_ES/all.js#xfbml=1&status=0”;
fjs.parentNode.insertBefore(js, fjs);
}(document, ‘script’, 'facebook-jssdk'));
