Anonymisation and pseudonymisation
When processing personal data, two common methods are used to reduce identifiability: anonymisation and pseudonymisation.
Anonymisation involves processing personal data in such a way that individuals can no longer be identified. This may involve, for example, aggregating data to a general level.
Pseudonymisation involves replacing identifiers (such as a personal identity code) with codes from which individuals cannot be directly identified. The data generally remains personal data.
Individual-level data can be difficult to anonymise, as combining multiple data items may still enable identification. For this reason, data released under a data permit are typically pseudonymised.
Is pseudonymised data always personal data?
Pseudonymised data are not necessarily personal data in all circumstances. The nature of the data must be assessed on a case-by-case basis from the perspective of each organisation. The same dataset may constitute personal data for an organisation that holds the pseudonymisation keys, but not for a party that has no reasonable or lawful means of identifying individuals.
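The sketch below is an added example, not part of the original guidance. It illustrates three points made above: replacing an identifier with a keyed code, how a combination of remaining data items can still single a person out, and why the same rows are re-linkable only for the party holding the key. The records, field names, HMAC-SHA-256 as the coding method and the min_count threshold are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample records; identity codes and attributes are made up.
RECORDS = [
    {"id_code": "ID-0001", "birth_year": 1980, "postcode": "00100", "diagnosis": "J45"},
    {"id_code": "ID-0002", "birth_year": 1980, "postcode": "00100", "diagnosis": "E11"},
    {"id_code": "ID-0003", "birth_year": 1947, "postcode": "99999", "diagnosis": "I10"},
]
QUASI_IDENTIFIERS = ("birth_year", "postcode")  # assumed indirect identifiers


def pseudonym(id_code: str, key: bytes) -> str:
    """Keyed code for an identifier; cannot be recomputed without the key."""
    return hmac.new(key, id_code.encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymise(records, key):
    """Replace the direct identifier with a code; other fields are unchanged."""
    return [
        {"pseudonym": pseudonym(r["id_code"], key),
         **{k: v for k, v in r.items() if k != "id_code"}}
        for r in records
    ]


def singled_out(records, quasi_identifiers=QUASI_IDENTIFIERS):
    """Rows whose combination of quasi-identifiers is unique in the dataset."""
    keys = [tuple(r[q] for q in quasi_identifiers) for r in records]
    counts = Counter(keys)
    return [r for r, k in zip(records, keys) if counts[k] == 1]


def aggregate(records, field="birth_year", min_count=2):
    """Aggregation to a general level; min_count is an assumed threshold."""
    counts = Counter(r[field] for r in records)
    return {value: n for value, n in counts.items() if n >= min_count}


def relink(source_records, released, key):
    """Key holder's view: map each released code back to an identity code."""
    lookup = {pseudonym(r["id_code"], key): r["id_code"] for r in source_records}
    return {row["pseudonym"]: lookup[row["pseudonym"]] for row in released}


if __name__ == "__main__":
    key = b"constructed-demo-key"  # placeholder; a real key is stored separately
    released = pseudonymise(RECORDS, key)
    print("unique combinations:", singled_out(released))
    print("aggregated:", aggregate(released))
    print("key holder can relink:", relink(RECORDS, released, key))
```

A recipient who receives only the released rows has no input to relink, yet the row with the unique birth year and postcode shows why individual-level data usually stays pseudonymised rather than anonymised.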