Pseudonymization is a data management procedure promoted by the European Union’s General Data Protection Regulation (GDPR)1. When data is pseudonymized, the information that can point to the identity of a subject is replaced by “pseudonyms” or identifiers. This prevents the data from specifically pinpointing the user.
The only way pseudonymized data can be linked to a unique individual is by combining it with other pieces of data, which are stored and protected separately. This system allows organizations to analyze personal data and continue providing services to customers, while protecting the subject’s right to privacy.
In Article 4(5) of the GDPR, the process of pseudonymization2 is defined as “the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.”