Frequently asked questions: GDPR PSEUDONYMISATION VS ANONYMIsATION

        Pseudonymisation_Anonos

 

Q1) Does pseudonymisation help support legitimate interests as an alternate (non-consent) lawful basis for processing EU personal data under the GDPR?

A1) Yes. Pseudonymising (or “pseudonymizing”) personal data – in compliance with the GDPR definition for the term [1] – helps to support processing in “the legitimate interests of the controller or a third party” as a lawful basis for processing.

Click to Expand

Q2) What is the Difference Between Pseudonymisation and Anonymisation Under the GDPR?

A2) GDPR compliant anonymisation (or anonymization) requires destruction of all links (direct and indirect) among personal data and the identities of individual data subjects. In contrast, GDPR compliant pseudonymisation (or pseudonymization) which enables re-linkability of data to the identities of data subjects under controlled conditions by authorized parties.

Click to Expand

Q3) Can pseudonymisation help controllers and processors meet their data-protection obligations under the GDPR?

A3) Yes, pseudonymisation (or pseudonymization) can help both controllers and processors meet their data-protection obligations under the GDPR.

Click to Expand

Q4) Can pseudonymisation help my organization satisfy its GDPR data protection compliance requirements?

A4) Yes. Pseudonymisation is a specifically enumerated example of “appropriate technical and organisational measures that can help ensure that the requirements of the GDPR are met.

Click to Expand

Q5) Does Pseudonymisation serve as a “safeguard” to enable lawful archival (storage) of personal data for statistical purposes under the GDPR?

A5) Yes. Pseudonymisation is specifically enumerated as an appropriate “safeguard” to help enable lawful archival (storage) of personal data for statistical purposes under the GDPR.

Click to Expand

Q6) What is required for GDPR compliant pseudonymisation?

A6) GDPR compliant pseudonymisation (or pseudonymization) requires separation of the information value of data from the means of determining the identity of data subjects.

Click to Expand

Q7) What are the benefits of GDPR compliant pseudonymisation?

A7) Complying with GDPR requirements for pseudonymisation (or pseudonymization) helps to enable lawful iterative data analytics, artificial intelligence (AI), machine learning (ML), and digital transformation (DX).

Click to Expand

Q8) Can Pseudonymisation help satisfy my organization’s obligation to enforce Data Protection by Design and by Default under the GDPR?

A8) Yes. Pseudonymisation can help to satisfy GDPR obligations to enforce Data Protection by Design and by Default.

Click to Expand