How Mastercard, IBM Plan to Reinvent Security Under GDPR
Mastercard and IBM have founded a company with a very narrow goal: to help organizations scramble their data to thwart hackers and comply with Europe's General Data Protection Regulation.

They established Truata in Ireland as a trust to provide a new standard in data hosting and anonymization, conceived by Mastercard, that will help businesses build a security layer using methods only they know. The process falls in line with pseudonymization, another process under GDPR in which businesses handling European consumer data would never keep all of the personal or payment credential data for one person in one place. Rather, parts of it would be stored in different silos on a network.

"Data anonymization ensures that data can never be attributed to a specific individual," said Truata CEO Felix Marx, who recently served as executive vice president of services in Asia-Pacific for Mastercard.

The European Union has set May 25 as the deadline for GDPR compliance. Any company that deals with European customers has to comply with GDPR or risk hefty fines. The foundation of the regulation rests on the European Union's contention that consumers own their data, not the companies in possession of it. The regulation affects any company that handles payments or personal information.

Truata's process for anonymization starts with the data-driven business client de-identifying the data using a methodology known only to them. That data is transferred to Truata, where any remaining identifiers are removed and replaced with a token. That data is transferred to Truata's data vault, where the token is replaced with another token known only to Truata. The data is then used to perform analysis for each customer, Marx said.

"It's a deep security process that includes measures like noise and perturbing data, techniques that are well known to data scientists and essentially replace portions of actual data content through a statistical process. It preserves the analytical value of the data while preventing the ability to convert it back to its original form."

Because GDPR requires businesses to secure data in certain ways, as well as honor the premise that a European consumer has the only say over whether it can be used for any other marketing or sales purposes, many observers feel the European Union regulation could ultimately prevent major data breaches.

"GDPR will undoubtedly lead to data protection that reduces the incidence of big breaches, even in the U.S.," said Al Pascual, research director and head of fraud and security for Javelin Strategy & Research. "Consider that many, if not most, medium to large enterprises do business in Europe."

Though not all of these businesses will take the same steps, anonymizing and pseudonymizing sensitive customer data will frustrate criminals, driving a shift in their behavior, Pascual said. Other data will still be at risk, including intellectual property and business financial data, meaning we can expect ransomware to continue, if not increase, he added. "Criminals are going to look for ways to get paid, and if they can't compromise and sell it to misuse personally identifiable information, they are going to pile it into other schemes."

In the past month, Truata and IBM began providing cloud analytics and cognitive computing capabilities to the data protection measures Truata will develop with clients.

"The GDPR sets a new standard for data privacy," Truata's Marx said. "Our conversations with regulators, potential customers and other entities impacted by GDPR have shown that when it comes to analytics and the need to have compliance with the GDPR, many organizations have not yet started to consider the need for anonymized data."

Indeed, Smart Insights reported that only 6% of companies it surveyed said they were fully prepared, while 21% indicated they were close, but nearly 50% said they were aware of the looming deadline but hadn't started compliance work yet. Truata is working to close that gap dramatically in the next several weeks.

"Organizations need to be more proactive in the way they manage all of their personal data, employee, customer and proprietary, to ensure they remain compliant with GDPR," Marx said. Many organizations have underestimated the measures that will be required to comply, Marx added. "Consent management solutions, designated data privacy officers, special controls on data access and new legal bases for use of data will all change the way they manage and use data," he said.

Regardless of which companies are prepared to comply or not, the GDPR brings on a significant change in how payments companies will handle European consumer data. "Of course, there will still be a long tail of smaller U.S. businesses that won't take the same steps to protect customer data because they don't do business overseas," Javelin's Pascual said. "It's simply they don't care about complying, which will make them more attractive targets in this post-GDPR future."

Currently, a U.S. credit card processor who has locked down and protected a consumer's payment card and personal data would essentially be able to store that data forever. Under GDPR, a European consumer could request that it be stored only for future payment reference for a period of time, or be taken off the database completely. The data could not be used for any other purpose without consent.
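The three-stage tokenization and perturbation the article describes, as an added example in Python that is not Truata's code: the keys, field names, HMAC-based tokens and noise scale are assumptions, chosen so that no single party holds enough to re-link a record.

```python
import hmac
import hashlib
import random

# Placeholder keys for illustration only: the client key never reaches Truata and the
# vault key never leaves the vault (an assumed separation, not Truata's actual design).
CLIENT_KEY = b"client-secret-known-only-to-client"
INTAKE_KEY = b"intake-secret-held-by-truata"
VAULT_KEY = b"vault-secret-known-only-to-truata-vault"

def token(value: str, key: bytes) -> str:
    """Keyed one-way pseudonym (HMAC-SHA256): same value and key give the same token,
    so records stay linkable for analysis; without the key it cannot be re-linked."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def client_deidentify(rec: dict) -> dict:
    """Stage 1, client side: drop direct identifiers, tokenize the card number."""
    return {"cust": rec["customer_id"], "card": token(rec["card_pan"], CLIENT_KEY),
            "amount": rec["amount"]}

def intake_tokenize(rec: dict) -> dict:
    """Stage 2, Truata intake: the remaining identifier becomes an intake token."""
    return {**rec, "cust": token(rec["cust"], INTAKE_KEY)}

def vault_retokenize(rec: dict) -> dict:
    """Stage 3, Truata vault: the intake token is swapped for a vault-only token."""
    return {**rec, "cust": token(rec["cust"], VAULT_KEY)}

def perturb(records: list, scale: float = 5.0, seed: int = 0) -> list:
    """Zero-mean Gaussian noise on amounts: single values change, the mean stays close.
    The seed is only there so the run is reproducible."""
    rng = random.Random(seed)
    return [{**r, "amount": round(r["amount"] + rng.gauss(0, scale), 2)} for r in records]

def anonymize(raw: list) -> list:
    """Full pipeline over a batch of raw records."""
    return perturb([vault_retokenize(intake_tokenize(client_deidentify(r))) for r in raw])

# Constructed sample input: fake customers, test card numbers, made-up amounts.
RAW = [
    {"customer_id": "C1001", "name": "Ann Example", "card_pan": "4111111111111111", "amount": 120.0},
    {"customer_id": "C1001", "name": "Ann Example", "card_pan": "4111111111111111", "amount": 80.0},
    {"customer_id": "C2002", "name": "Bo Sample", "card_pan": "5555555555554444", "amount": 42.5},
]
```

Records from the same customer still share a token, so per-customer analysis works, but reproducing that token requires both the intake and the vault key.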