Pseudonymization is a data processing technique that replaces identifying information with artificial identifiers or pseudonyms, making it impossible to attribute personal data to a specific data subject without additional information held separately. This technique reduces the risk of identification while maintaining data utility for analysis and processing purposes.
Pseudonymization
Regulatory Definitions
- GDPR (Article 4(5)): Processing of personal data in such a manner that the personal data can no longer be attributed to a data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Pseudonymized data is considered personal data under GDPR if the data subject remains identifiable through reasonable means (Recital 26), and pseudonymization is recognized as an appropriate technical and organisational measure for data protection (Article 32(1)(a)).