Pseudonymization is defined in the GDPR to mean “the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person”
This is normally achieved by removing direct identifiers, such as a name or email address, and replacing them with a pseudonym. This process is also known as data masking or tokenization.
Unlike anonymization, pseudonymization can be set up to be reversible. While pseudonymized data remains personal data under the GDPR, the law encourages organizations to pseudonymize data whenever possible.

Return to Glossary

Data de-identification 101 Webinar

Privacy Pulse 2019

Privitar's Privacy Pulse 2019 presents the latest from our annual survey of consumer and business attitudes to data privacy.

Learn More

Didn't find what you were looking for?

Want to know more about Privitar, but don't know where to start? Look no further. Get in touch by clicking the button below and we'll gladly assist you.