Sun. Mar 26th, 2023
    en flag
    nl flag
    et flag
    fi flag
    fr flag
    de flag
    he flag
    ja flag
    lv flag
    pl flag
    pt flag
    es flag
    uk flag

    Content Assessment: Protecting Data? Engineering Personal Data Sharing (ENISA)

    Information - 94%
    Insight - 95%
    Relevance - 96%
    Objectivity - 93%
    Authority - 95%



    A short percentage-based assessment of the qualitative benefit of the announcement and report from ENISA on how cybersecurity technologies and techniques can support the implementation of the GDPR principles when sharing personal data.

    Editor’s Note: ENISA, the European Union Agency for Cybersecurity, was established in 2004 to promote a high level of cybersecurity across Europe. The EU Cybersecurity Act has strengthened its role, and it works towards enhancing the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, contributing to EU cyber policy, cooperating with Member States and EU bodies, and preparing Europe for future cybersecurity challenges. Through knowledge sharing, capacity building and awareness raising, ENISA collaborates with key stakeholders to build trust in the connected economy, boost the Union’s infrastructure resilience, and maintain digital security for Europe’s society and citizens. The new report, Engineering Personal Data Sharing, aims to investigate specific use cases related to personal data sharing, primarily in the health sector, and how the implementation of specific technologies can support meeting data protection requirements. This new report may benefit cybersecurity, information governance, and legal discovery professionals operating in the eDiscovery ecosystem as they consider data protection through the lens of personal data sharing.

    Press Announcement Extract And Report*

    Engineering Personal Data Sharing

    The European Union Agency for Cybersecurity (ENISA) explores how technologies can support personal data sharing in practice.

    Because data today is at the heart of our lives and central to our economy, data has been coined as the new currency. No transactions or activity can be performed online nowadays without the exchange and sharing of data. Organisations share information with partners, analytic platforms, public or other private organisations and the ecosystem of shareholders is increasing exponentially. Although we do see data being taken from devices or from organisations to be shared with external parties in order to facilitate business transactions, securing and protecting data should remain a top priority and adequate solutions implemented to this end.

    The objective of the report is to show how the data protection principles inscribed in the GDPR can be applied in practice by using technological solutions relying on advanced cryptographic techniques. The report also includes an analysis of how data is dealt with when the sharing is part of another process or service. This is the case when data need to go through a secondary channel or entity before reaching the final recipient.

    The report focuses on the various challenges and possible architectural solutions on intervention aspects. An example of these is the right to erasure and the right to rectification when sharing data. Targeting policy makers and data protection practitioners, the report provides an overview of the different takes on how to approach personal data sharing in an effective way.


    The EU Agency for Cybersecurity has been working in the area of privacy and data protection since 2014, by analysing technical solutions for the implementation of the GDPR, privacy by design and security of personal data processing.

    The work in this area falls under the provisions of the Cybersecurity Act (CSA) and is meant to support Member States on specific cybersecurity aspects of Union policy and law in relation to data protection and privacy. This work builds upon the Agency’s activities in the area of Data Protection Engineering and is produced in collaboration with the ENISA Ad Hoc Working Group on Data Protection Engineering.

    The Agency has been providing guidance on data pseudonymisation solutions to data controllers and processors since 2018.

    Further information

    Other information

    About ENISA

    The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, ENISA contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure.

    Read the original announcement.

    Complete Report: Engineering Personal Data Sharing (PDF) – Mouseover to Scroll

    Engineering Personal Data Sharing Data Sharing - ENISA

    Read the original paper.

    *Shared with permission under Creative Commons – Attribution 4.0 International (CC BY 4.0) – license.

    Additional Reading

    Source: ComplexDiscovery


    Have a Request?

    If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

    ComplexDiscovery is a premier online publication renowned for providing essential insights and intelligence in the realms of cybersecurity, information governance, and legal discovery to professionals navigating these fields. As a leading source of information, the publication expertly combines original research with aggregated news to cater to a highly specialized audience. Committed to enhancing readers’ understanding of relevant topics, ComplexDiscovery stands as an impartial and comprehensive resource for exploring trends, technologies, and services associated with electronically stored information.

    The driving force behind this influential publication is ComplexDiscovery OÜ, a technology marketing firm that excels in strategic planning and tactical execution for organizations operating within these sectors. Registered as a private limited company in Estonia, a global leader in digital advancements, ComplexDiscovery OÜ dedicates its primary focus to supporting the publication. The company capitalizes on its virtual presence to provide marketing consulting and services to a diverse array of clients around the world, further solidifying its reputation as a leading voice in the eDiscovery ecosystem.