What Is Pseudonymisation?
Pseudonymisation is generally associated with the EU’s General Data Protection Regulation (GDPR), which calls for pseudonymisation to protect personally identifiable information (PII). According to “Article 4, Definitions” of the Agreed Upon Text of the GDPR:
'Pseudonymisation' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Earlier the same document defines “personal data” and “data subject”:
'Personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Related Articles
- General Data Protection Regulation (GDPR) Compliance
- Research and Whitepapers: Addressing Key Provisions of the General Data Protection Regulation (GDPR)
- eBooks: GDPR Compliance in Multi-cloud Environments
- Research and Whitepapers: Securosis: Cracking the Confusion: Encryption and Tokenization for Data Centers, Servers and Applications by Securosis