Pseudonymisation & Anonymisation

On this page: anonymous, pseudonymous, deidentification, safeguard, protection measure, sdc, statistical disclosure control
Date of last review: 2023-05-02

Pseudonymisation and anonymisation are both ways to make personal data less easily linkable to individual data subjects: they are methods to de-identify personal data. Importantly, whereas anonymisation results in non-personal data that are not subject to the GDPR anymore, pseudonymised data are still personal data. It is therefore important to understand the difference between the two, and to estimate when your data are indeed fully anonymous.

Any operation that you do up until the personal data are anonymised - including the anonymisation itself - is still subject to the GDPR. So even if you can anonymise your data later, you still need to comply with the GDPR for everything you do beforehand (e.g., collecting, analysing, sharing, etc.).

In this chapter, we:

  1. Explain what pseudonymisation and anonymisation mean.
  2. Present a step-by-step workflow to de-identify personal data.
  3. List a number of techniques that you can use to de-identify personal data.

Finally, we list some resources for further reading.