
Pseudonymisation and encryption are the only technological measures specifically mentioned in the GDPR (General Data Protection Regulation).

But what exactly is meant by ‘pseudonymisation’ and ‘encryption’? Are these measures mandatory? More importantly, how can organisations go about implementing them? Let’s take a look.

Pseudonymisation is the process of replacing personally identifiable information with artificial identifiers (pseudonyms) in order to conceal the data subject it relates to.

For instance, you might replace data subjects’ names, addresses or other data with reference numbers. If that data is then breached, there would be no way of connecting it with the data subject without additional information – which should, of course, be held separately.

Although it is central to protecting data – being mentioned 15 times in the GDPR – and can help protect the privacy and security of personal data, pseudonymisation has its limits, both in terms of practicality and the risk of re-identification.

For more efficient data protection, we look to encryption.

A form of cryptography, encryption is a way of safeguarding data against unauthorised access by encrypting it through use of a mathematical function known as a key.
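The pseudonymisation described on this page (reference numbers in place of names and addresses, with the additional information held separately), as an added example that is not part of the original article. The field names, the `REF-` format and the sample records are assumptions made for illustration.

```python
import secrets

# Fields treated as direct identifiers (an assumption for this example).
IDENTIFYING_FIELDS = ("name", "address")

# Constructed sample records, not real data.
RECORDS = [
    {"name": "Alice Example", "address": "1 Sample Street", "order_total": 42.50},
    {"name": "Bob Example", "address": "2 Sample Street", "order_total": 13.00},
    {"name": "Alice Example", "address": "1 Sample Street", "order_total": 7.25},
]


class Pseudonymiser:
    """Swaps direct identifiers for random reference numbers."""

    def __init__(self):
        self._ref_by_identity = {}  # identity tuple -> reference number
        self.lookup = {}            # reference -> identifiers; store separately

    def pseudonymise(self, record):
        identity = tuple(record[f] for f in IDENTIFYING_FIELDS)
        ref = self._ref_by_identity.get(identity)
        if ref is None:
            # Random rather than derived from the data, so the reference
            # alone carries no information about the data subject.
            ref = "REF-" + secrets.token_hex(8)
            self._ref_by_identity[identity] = ref
            self.lookup[ref] = dict(zip(IDENTIFYING_FIELDS, identity))
        out = {k: v for k, v in record.items() if k not in IDENTIFYING_FIELDS}
        out["subject_ref"] = ref
        return out


def reidentify(pseudonymised, lookup):
    """Re-attach identifiers; returns None when the lookup lacks the reference."""
    identity = lookup.get(pseudonymised["subject_ref"])
    if identity is None:
        return None
    restored = {k: v for k, v in pseudonymised.items() if k != "subject_ref"}
    restored.update(identity)
    return restored


def demo():
    p = Pseudonymiser()
    released = [p.pseudonymise(r) for r in RECORDS]
    return released, p.lookup
```

The same data subject receives the same reference across records, so the released rows stay linkable for analysis, while re-identification works only for whoever also holds the lookup table.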
