Robustness of k-Anonymization Model in Compliance with General Data Protection Regulation

The advancement in technology and the emergence of big data and the internet of things (IoT), individuals (data subjects) tend to suffer from privacy breach of various types that has led to a lot of damages to both data subjects and brands. These and other issues about data privacy breach led the European Union to come up with a much stringent regulations that will serve as a deterrent to businesses or organizations that handle data. This gave birth to the General Data Protection Regulation (GDPR) in 2018 which replaced the previous 1995 Data Protection Directive in Europe. This research examined the robustness of k-anonymity in compliance with GDPR regulations at varying k-values (5,10,50, and 100) using the 1994 USA Census Bureau Data referred to as the adult dataset. Various measures were used to determine which k-value meets the GDPR criteria and the findings revealed the best anonymizing threshold complies with the GDPR criteria that prevents information loss (which determines data utility), prosecutor re-identification risk percentage and attacker models (prosecutor, journalist and marketer model).