Exploring the proper use of pseudonymisation related to personal data

In the light of the General Data Protection Regulation (GDPR), the challenge of proper application of pseudonymisation to personal data is gradually becoming a highly debated topic in many different communities, ranging from research and academia to justice and law enforcement and to compliance management in several organizations across Europe.

Pseudonymisation and personal data challenges

The ENISA “Pseudonymisation techniques and best practices” report, amongst other, especially discusses the parameters that may influence the choice of pseudonymisation techniques in practice, such as data protection, utility, scalability and recovery.

It also builds on specific use cases for the pseudonymisation of certain types of identifiers (IP address, email addresses, complex data sets).

There is no easy solution

One of the main outcomes of the report is that there is no single easy solution to pseudonymisation that works for all approaches in all possible scenarios.

On the contrary, it requires a high level of competence in order to apply a robust pseudonymisation process, possibly reducing the threat of discrimination or re-identification attacks, while maintaining the degree of utility necessary for the processing of pseudonymised data.