What is Data Pseudonymization?
Pseudonymization replaces direct identifiers with artificial identifiers, reducing privacy risk while maintaining data utility, but the data remains personal data under GDPR.
Pseudonymization processes personal data so that it can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures. Unlike anonymization, pseudonymized data remains personal data under GDPR because re-identification is possible with the additional information.
GDPR specifically encourages pseudonymization as a security measure and provides certain benefits for pseudonymized data, including broader compatibility for further processing under Article 6(4) and exemptions from certain data subject rights under specific circumstances. ProtectIQ provides pseudonymization capabilities that maintain referential integrity while separating identifiers from data.
Relevant Regulations
Related Terms
Data Anonymization
Anonymization irreversibly transforms personal data so that individuals can no longer be identified, even by the data controller, removing the data from privacy regulation scope.
Data Masking
Data masking replaces sensitive data with realistic but fictitious values, protecting privacy while maintaining data utility for testing, development, and analytics.
Data Tokenization
Tokenization replaces sensitive data with non-sensitive tokens that can be mapped back to the original data through a secure token vault, protecting data while preserving processability.
Privacy-Enhancing Technologies (PETs)
PETs are technologies designed to protect personal data privacy while enabling data processing, analysis, and sharing for legitimate purposes.