The best way to ensure data confidentiality across databases is to use data anonymization, which is a process of removing or modifying personal or sensitive data from a dataset so that it cannot be linked or attributed to a specific individual or entity. Data anonymization helps protect the privacy and security of the data subjects, as well as comply with the applicable data protection laws and regulations. Data anonymization can be achieved by using various techniques, such as masking, encryption, aggregation, generalization, perturbation, or synthetic data generation12.
Reference:
CDPSE Review Manual, Chapter 3 - Data Lifecycle, Section 3.3 - Data Anonymization3.
CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide, Chapter 3 - Data Lifecycle, Section 3.4 - Data Anonymization4.

CDPSE/ISACA risk response taxonomy defines risk avoidance as deciding not to engage in the activity that gives rise to the risk. Reduction/mitigation (B/D) means proceed with controls; acceptance (C) means proceed without additional treatment. Not expanding is classic avoidance.
Key CDPSE-aligned phrasing (short extract): "Risk avoidance: Discontinue or do not initiate activities that create risk."

A privacy impact assessment (PIA) is a process of analyzing the potential privacy risks and impacts of collecting, using, and disclosing personal dat a. A PIA should be conducted when there is a change in the data processing activities that may affect the privacy of individuals or the compliance with data protection laws and regulations. One of the scenarios that should trigger the completion of a PIA is when there are new inter-organizational data flows, which means that personal data is shared or transferred between different entities or jurisdictions. This may introduce new privacy risks, such as unauthorized access, misuse, or breach of data, as well as new legal obligations, such as obtaining consent, ensuring adequate safeguards, or notifying authorities.
Reference:
PIA Triggers - International Association of Privacy Professionals
Privacy Impact Assessment - International Association of Privacy Professionals GDPR Privacy Impact Assessment Data Protection Impact Assessment triggers: Clarity or confusion?

The need-to-know basis principle is a security principle that states that access to personal data should be limited to those who have a legitimate purpose for accessing it. The need-to-know basis principle helps to protect data privacy by minimizing the exposure of personal data to unauthorized or unnecessary parties, reducing the risk of data breaches, leaks, or misuse. The need-to-know basis principle should be applied when designing a role-based user access model for a new application, by defining clear roles and responsibilities for different users, granting access rights based on their roles and functions, and enforcing access controls and audits to monitor and verify data access. Reference: : CDPSE Review Manual (Digital Version), page 105

Before any processing, CDPSE stresses lawfulness: identify and document the appropriate legal basis and processing purpose(s). Security controls (C), algorithmic techniques (B), and aggregation (D) are important but secondary to establishing a lawful basis and purpose limitation.
Key CDPSE-aligned phrasing (short extract): "Processing requires a lawful basis and defined purposes prior to collection/use."