About Atmia
About Atmia

Rabobank enlists IBM to desensitise client data for GDPR

Monday, April 09, 2018

by IBM

Rabobank is working with IBM to use cryptographic pseudonyms on its clients' personal data to help comply with the EU's new General Data Protection Regulation (GDPR).

Coming into effect at the end of May, GDPR will create a harmonised data protection law framework across the EU with the aim of giving citizens back control of their personal data, whilst imposing strict rules on those hosting, moving and processing it.

As part of its efforts to comply with the new rule, Rabobank has teamed up with IBM to cryptographically transform terabytes of its most sensitive client data - including names, birthdates and account numbers - into a desensitised representation, meaning it looks and behaves like the real data, but is not.

Identifying fields within a data record are replaced by pseudonyms, i.e. replacing a real name with a fictitious one. In addition, for GDPR the data is also processed in such a way that it can no longer be attributed to a specific data subject without the use of additional information.

The partners have been working on the project for the last year, with multiple key applications and platforms already pseudonymised, including the current bank account and savings systems on mainframe, Linux, Tandem and Windows platforms. Ultimately, the project will pseudonymise all payments applications and expand into other functional areas within the bank.

Michael Osborne, cryptographer, IBM Research, says: "IBM analytics software combined with our cryptographic desensitisation engine achieves pseudonymisation by converting the data into individual hash-based token keys which are completely impermeable today and in the future, even from a fault-tolerant quantum computer many years from now."

The move not only helps with GDPR compliance, says Rabobank, it also makes it easier for its so-called Radical Automation DevOps team to use the data for performance testing of new technologies and services, such as mobile apps and payment solutions.

Peter Claassen, delivery manager, radical automation, Rabobank, says: "Being able to test and iterate using pseudonymised data is going to unleash new innovations from our DevOps team bringing even more security, innovation and convenience to our clients."

Leave a comment (Your email address will not be displayed or shared)

Leave this field empty

No comments have been added. Please use the form above to add your comments.

Global Sponsor - Cardtronics
Global Sponsor - TMD Security
Global Sponsor - FIS
Global Sponsor - DPL
Global Sponsor - Mastercard
Global Sponsor - Diebold Nixdorf
Global Sponsor - Prosegur
Global Sponsor - Euronet Worldwide
Global Sponsor - Payment Alliance International, Inc.
Global Sponsor - KAL
Global Sponsor - Auriga
Global Sponsor - NCR
Become a Global Sponsor
Join the Campaign

Global Sponsors