Definition according to GDPR
Pseudonymisation is defined in Article 4(5) GDPR as:
The processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data cannot be attributed to an identified or identifiable natural person.
The personal reference is decoupled from the data and pseudonyms are assigned in its place. For example, data that would allow identification, such as a name, is replaced by a code, and the assignment between code and person is recorded in a table. The data can then no longer be attributed to a specific person directly, but only by using the additional information that is stored separately.
Pseudonymised data is therefore protected by encryption, for example by using an identification number. It is important that this key is kept separately and secured by technical and organisational measures. Pseudonymisation is mentioned in the recitals of the GDPR and serves the security of the processing of personal data; it is intended to minimise the risk of data misuse or loss (Art. 32(1)(a) GDPR).
It is important to know that pseudonymised data can be assigned to a natural person, provided a key is available. The situation is different for anonymised data.
What is the difference between pseudonymization, anonymization and encryption?
Anonymization - elimination of the personal reference of data
Anonymization describes the complete elimination of the reference to a person. Accordingly, data is changed during anonymization in such a way that it can only be assigned to a specific person with a disproportionate effort in terms of costs, time, technology, etc. A state is reached in which, in all likelihood, no one can or would carry out de-anonymisation because it would be far too costly and difficult, or impossible.
Pseudonymization - increased data protection
Pseudonymisation is the "replacement of the name and other identification features by a label for the purpose of excluding or significantly complicating the identification of the person concerned". In this process, the actual data of a person are not changed, but assigned to pseudonyms. By means of public or separately stored information, certain persons can be identified again.
Encryption - greatly increased protection
Encryption is understood as a process in which a clearly readable text or other type of information is converted by an encryption process (cryptosystem) into an unreadable or uninterpretable character string. All information is converted into a specially encrypted code, regardless of whether it is personal data or not.
What functions does pseudonymization perform?
1. Protective function
On the one hand, pseudonymisation fulfils a protective function and protects against the direct identification of a person. By "masking" the persons concerned, their risks are minimized.
2. Enabling and facilitating function
Pseudonymisation can also help to make processing permissible which would otherwise not be permissible. This also includes statistics and research projects.
What procedures are there and what should be taken into account when assigning pseudonyms?
Pseudonymisation of personal data can be achieved in various ways. On the one hand, data subjects themselves can carry out pseudonymisation by choosing a freely selected user ID. It is also possible to entrust third parties with the assignment of pseudonyms, such as certification providers or data trustees. The third possibility is assignment by the controller itself by means of an identification number. For assigning pseudonyms to personal data, two procedures are available: the list procedure (also known as an assignment table) and the calculation procedure.
In the list procedure, data records are assigned to specific pseudonyms using a table. Note that simple sequential numbering of the persons is not recommended, since this can reveal a chronological or alphabetical order.
Use arbitrary pseudonyms instead, but be careful not to assign any pseudonym twice. It is best to run checks to ensure this.
In the calculation procedure, pseudonyms are calculated algorithmically from the identity data. A cryptographic key is used, which ensures that unauthorised third parties cannot calculate the pseudonym from the identity data. With this procedure you should absolutely consider the state of the art in order to exclude vulnerabilities in the cryptography.
In addition, it is recommended to change the cryptographic key regularly to increase security. You should also store the key according to a documented key-management concept and protect it from unauthorised deletion or disclosure.
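The two procedures described above, as an added Python example that is not part of the original article: an assignment table with random, duplicate-checked pseudonyms (list procedure) and a keyed HMAC-SHA256 derivation (calculation procedure) with a key-rotation helper. The class and function names, the 32-byte minimum key length and the sample identities are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample identity data for the example (no real persons).
SAMPLE_IDENTITIES = ["Anna Example", "Bert Example", "Carla Example"]


class AssignmentTable:
    """List procedure: each person gets a random pseudonym, recorded in a table.
    The table is the 'additional information' of Art. 4(5) and must be stored
    separately from the pseudonymised records."""

    def __init__(self) -> None:
        self._to_pseudonym: dict = {}
        self._to_identity: dict = {}

    def pseudonym_for(self, identity: str) -> str:
        if identity in self._to_pseudonym:
            return self._to_pseudonym[identity]
        # Random rather than sequential: a counter would leak the order of entry.
        candidate = secrets.token_hex(8)
        while candidate in self._to_identity:  # duplicate check
            candidate = secrets.token_hex(8)
        self._to_pseudonym[identity] = candidate
        self._to_identity[candidate] = identity
        return candidate

    def reidentify(self, pseudonym: str):
        """Only the holder of the separately stored table can reverse the mapping."""
        return self._to_identity.get(pseudonym)


def calculated_pseudonym(identity: str, key: bytes) -> str:
    """Calculation procedure: derive the pseudonym with a keyed MAC (HMAC-SHA256).
    Without the key a third party cannot recompute pseudonyms from identity data;
    an unkeyed hash of a name could be reversed by guessing common names."""
    if len(key) < 32:  # assumed minimum for this example
        raise ValueError("pseudonymisation key must be at least 32 bytes")
    return hmac.new(key, identity.encode("utf-8"), hashlib.sha256).hexdigest()


def rotate_key(identities: list, old_key: bytes, new_key: bytes) -> dict:
    """Regular key change: map each old pseudonym to its new one. Because the
    derivation is one-way, rotation needs access to the identity data."""
    return {calculated_pseudonym(i, old_key): calculated_pseudonym(i, new_key)
            for i in identities}
```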