Pseudonymised data

From The Jolly Contrarian
Revision as of 16:48, 18 June 2024 by Amwelladmin (talk | contribs)
Jump to navigation Jump to search
General Data Protection Regulation


Index: Click to expand:
GDPR
Template:Anatnavigation-gdpr

Comments? Questions? Suggestions? Requests? Insults? We’d love to 📧 hear from you.
Sign up for our newsletter.

Article 4(5) of the UK GDPR defines pseudonymisation as:

“…processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.”

The ICO’s guidance adds:

“At a basic level, pseudonymisation starts with a single input (the original data) and ends with two outputs (the pseudonymised dataset and the additional information). Together, these can reconstruct the original data. However, in relation to the individuals concerned, each output has meaning only in combination with the other.”

So putting in words JC understands:

  • If you anonymise data — switch out all references to someone identifiable IRL with unique identifiers, randomised numbers and so on so that there is no possibility of anyone reverse engineering who the individuals are as long as you hold it, then you are not processing personal data.
  • If you pseudonymise data — which is to anonymise it as per above but separately hold some kind of key which decodes it into something that is identifiable, then it still counts as personal data.

See also

  • [[==See also==
Retrieved from "https://jollycontrarian.com/index.php?title=Pseudonymised_data&oldid=86771"