Anonymisation and pseudonymisation
‘Pseudonymisation’ of data (defined in Article 4(5) GDPR) means replacing any information which could be used to identify an individual with a pseudonym, or, in other words, a value which does not allow the individual to be directly identified.
Example of Pseudonymisation of Data:
|Student Name||Student Number||Course of Study|
|Original Data||Joe Smith||12345678||History|
|Pseudonymised Data||Candidate 1||XXXXXXXX||History|
Fully ‘anonymised’ data does not meet the criteria necessary to qualify as personal data and is therefore not subject to the same restrictions placed on the processing of personal data under the General Data Protection Regulation (GDPR).Data can be considered ‘anonymised’ when individuals are no longer identifiable. It is important to note that a person does not have to be named in order to be identifiable. If there is other information enabling an individual to be connected to data about them, which could not be about someone else in the group, they may still ‘be identified’. In this context, it is important to consider what ‘identifiers’ (pieces of information which are closely connected with a particular individual, which could be used to single them out) are contained in the information held.
Where data has been anonymised, the original information should be securely deleted to prevent any reversing of the ‘anonymisation’ process. In most cases, if this deletion does not take place then the data is classified as ‘pseudonymised’ rather than ‘anonymised’, and is still considered personal data.
Data protection law does not prescribe any particular technique for ‘anonymisation’, so it is up to individual data controllers to ensure that whatever ‘anonymisation’ process they choose is sufficiently robust.
Please see our guidance note on ‘anonymisation’ and ‘pseudonymisation’ for further information including identification risks and examples of anonymisation techniques.