In a nutshell, data pseudonymization is a method used to minimize the chance that personal data and identifiers would enable to identify a person.
Article 4(5) of GDPR states that:
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Benefits of using data pseudonymization:
- You’re allowed to use it for the different purposes that it was collected for
- You’re free from processing data subject requests regarding data access, rectification or erasure
- You prove that you’re following protection by design and data privacy principles
Under GDPR, pseudonymization techniques are not enough to provide full anonymity of the data.
In terms of GDPR we can pseudonymise data like:
- login details
- device IDs
- IP addresses
- cookies
- device type
- language preference
- time zones
Most popular methods of data pseudonymization:
Scrambling
Encryption
Masking
Tokenization
Data blurring
Read more about pseudonymization on the Piwik PRO blog:
