IITR Data Protection Patent:
Privacy-Compliant Event Analysis

The lawfulness of data processing under the EU General Data Protection Regulation

The EU General Data Protection Regulation permits the processing of personal data if:

  1. the data subject has given consent or
  2. the data processing is contractually or legally necessary. This includes, for example, the processing of personal data for the performance of a contract, for the performance of legally required data processing actions, or to protect the legitimate interests of the data-processing controller.

According to the EU’s General Data Protection Regulation, it is illegal to process personal data except in cases where it is permitted. This principle sometimes conflicts with the development of data-driven business models

Privacy-compliant development of data models using real data

For the development of new products and services, the digital industry is often reliant on the (initially) unprompted storage and later analysis of personal data. However, the law places limits on this in Europe, particularly in view of the General Data Protection Regulation.

So there is an economic interest in processing data in such cases. At the same time, there is a requirement to act in compliance with the applicable data protection regulations. We have therefore developed and patented a process that makes both possible: the evaluation of data and the simultaneous protection of the data protection rights of data subjects.

The “third way”: privacy-compliant event analysis based on real data

Our approach enables us to summarize, evaluate and perform event analysis with the help of real data – but we don’t need to access the (technically protected) personal data. This is what we call the “third way” of privacy-compliant evaluation of data.

The patent is published by the European Patent Office under the number EP2993607. The actual patent specification can be viewed here.


Diverse evaluation options

This “third way” enables payment data, traffic flow data, visitor data for brick-and-mortar retail, telecommunication data, and more, to be evaluated while satisfying data protection laws and even without the consent of data subjects. Particularly in view of the tightened data protection regulatory environment, our analysis approach allows clients to continue their evaluation processes (technically modified and hence compliant with data protection law even without consent) while meeting data protection regulations.

Auzug Patent

Excerpt from the patent specification: How data analysis works

Legal opinions and participation of data protection supervisory authorities

This regulatory approach has the support of a legal opinion and has already received approval from the first data protection supervisory authorities in practice.

Prototype: Using the IITR data protection patent

We provide a test environment where you can try out the data protection patent and use it to analyze test data.


Building trust through the data protection patent

One of the goals of the data protection patent is to allow companies to leverage it as a unique selling proposition. Those that use this patent will signal their compliance with data privacy.

Are you interested?

If you would like more information and are interested in using the data protection patent for your processing purposes, please click here to contact us:

Contact us

Get advice now

Call-back service


Arrange a consultation