Pseudonymization
What is Pseudonymization?
PseudonymizationA technique that replaces direct identifiers in personal data with reversible aliases, so that the data can no longer be attributed to an individual without additional, separately kept information.
Pseudonymization is defined in GDPR Article 4(5) as the processing of personal data so that it can no longer be attributed to a specific data subject without the use of additional information, which must be kept separately and protected. Typical methods include deterministic tokens, HMAC with a secret key, format-preserving encryption, and lookup tables held in a key vault. Unlike anonymization, pseudonymized data remains personal data under GDPR and ISO/IEC 27559, but qualifies as an explicit safeguard (Articles 25 and 32) that reduces re-identification risk and breach impact. It is widely used in analytics, ML training, fraud cooperation, and clinical research, paired with strict key management and access controls.
● Examples
- 01
Replacing customer IDs with HMAC tokens in a data warehouse while keeping the key in a hardware security module.
- 02
Sharing pseudonymized patient records with a research partner under a data-sharing agreement.
● Frequently asked questions
What is Pseudonymization?
A technique that replaces direct identifiers in personal data with reversible aliases, so that the data can no longer be attributed to an individual without additional, separately kept information. It belongs to the Privacy & Data Protection category of cybersecurity.
What does Pseudonymization mean?
A technique that replaces direct identifiers in personal data with reversible aliases, so that the data can no longer be attributed to an individual without additional, separately kept information.
How does Pseudonymization work?
Pseudonymization is defined in GDPR Article 4(5) as the processing of personal data so that it can no longer be attributed to a specific data subject without the use of additional information, which must be kept separately and protected. Typical methods include deterministic tokens, HMAC with a secret key, format-preserving encryption, and lookup tables held in a key vault. Unlike anonymization, pseudonymized data remains personal data under GDPR and ISO/IEC 27559, but qualifies as an explicit safeguard (Articles 25 and 32) that reduces re-identification risk and breach impact. It is widely used in analytics, ML training, fraud cooperation, and clinical research, paired with strict key management and access controls.
How do you defend against Pseudonymization?
Defences for Pseudonymization typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Pseudonymization?
Common alternative names include: Pseudonymisation, Reversible De-identification.
● Related terms
- privacy№ 274
Data Anonymization
Irreversibly transforming personal data so that no individual can be identified, directly or indirectly, even when combined with other available information.
- privacy№ 1164
Tokenization (Privacy)
Replacing sensitive data values with non-sensitive tokens that have no exploitable meaning outside a controlled token vault, reducing the scope of personal or regulated data.
- privacy№ 280
Data Minimization
A privacy principle requiring organizations to collect, process, and retain only the personal data that is strictly necessary for a defined, lawful purpose.
- privacy№ 279
Data Masking
Replacing sensitive data with realistic but fictitious values so that downstream users, applications, or environments can use the data without exposing the originals.
- compliance№ 440
GDPR
The European Union's General Data Protection Regulation governing the processing of personal data of individuals in the EU and EEA.
- privacy№ 818
Personally Identifiable Information (PII)
Any data that can identify a specific individual on its own or when combined with other information, such as names, identifiers, or biometric records.
● See also
- № 576k-Anonymity
- № 603l-Diversity
- № 1126t-Closeness
- № 317Differential Privacy
- № 856Privacy by Design