{"id":9052,"date":"2022-02-01T17:10:22","date_gmt":"2022-02-01T16:10:22","guid":{"rendered":"https:\/\/www.cabinetbouchara.com\/pseudonymisation\/"},"modified":"2026-02-10T08:57:21","modified_gmt":"2026-02-10T07:57:21","slug":"pseudonymization","status":"publish","type":"page","link":"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/pseudonymization\/","title":{"rendered":"Pseudonymization"},"content":{"rendered":"<p><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/\">Lexicon<\/a> <span style=\"color: #F5B63F\">&gt; <span style=\"color: #F5B63F\"><b>Pseudonymization<\/b><\/span><\/span><\/p>\n<p>IT Glossary<\/p>\n<p style=\"text-align: justify\">Pseudonymization is a technical security measure that reduces the correlation of a set of <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/personal-data\/\" target=\"_blank\" rel=\"noopener noreferrer\">personal data<\/a> with the original identity of a data subject, contributing in particular to data protection by design and <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-protection-by-default-and-design\/\" target=\"_blank\" rel=\"noopener noreferrer\">data protection by default<\/a>, and may be included among the appropriate safeguards.<\/p>\n<p style=\"text-align: justify\">It consists in replacing an attribute, generally unique, by another one in a record, and consequently reduces the risk of correlation of a set of data.<\/p>\n<p style=\"text-align: justify\">However, pseudonymized data still allows for the individualization of a data subject and the correlation between different data sets.<\/p>\n<p style=\"text-align: justify\">Pseudonymization should therefore not be confused with <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/anonymisation\/\" target=\"_blank\" rel=\"noopener noreferrer\">anonymization<\/a>, which consists of removing sufficient elements so that the data subject can no longer be identified by using all the means that can reasonably be implemented, either by the data <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/person-in-charge-of-the-treatment\/\" target=\"_blank\" rel=\"noopener noreferrer\">controller<\/a> or by a third party.<\/p>\n<p style=\"text-align: justify\">While pseudonymization is reversible,anonymization is irreversible.<\/p>\n<p style=\"text-align: justify\">Pseudonymized data does not prevent a data subject from being identifiable and therefore remains within the scope of the <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/gdrp\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR<\/a>, which is not the case with anonymized data which falls outside the scope of the GDPR.<\/p>\n<p style=\"text-align: justify\">The main pseudonymization techniques are the following:<\/p>\n<ul>\n<li style=\"text-align: justify\">Secret key <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/encryption\/\" target=\"_blank\" rel=\"noopener noreferrer\">encryption<\/a> system;<\/li>\n<li style=\"text-align: justify\">Chopping function, with or without salting;<\/li>\n<li style=\"text-align: justify\">Keyed hash function &#8211; with stored key or with key deletion;<\/li>\n<li style=\"text-align: justify\">Tokenization.<\/li>\n<\/ul>\n<p style=\"text-align: justify\">Regardless of the technique used, pseudonymization must necessarily allow the individualization of the data subject, who is identified by a unique attribute. In addition, the correlation between the data should still be possible by means of other attributes.<\/p>\n<p style=\"text-align: justify\">An unauthorized reversal of the pseudonymization procedure may result in a breach of personal data, causing a loss of control by data subjects over their data.<\/p>\n<h2 style=\"text-align: justify\">GDPR<\/h2>\n<p style=\"text-align: justify\"><span>&#8220;<\/span><i><span>Pseudonymization of personal data can reduce risks to data subjects and help data controllers and processors meet their data protection obligations. The explicit introduction of pseudonymization in this Regulation is not intended to exclude any other data protection measure.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><i><span>In order to encourage pseudonymisation in the processing of personal data, pseudonymisation measures should be possible within the same controller, while allowing for general analysis, where the controller has taken the necessary technical and organisational measures to ensure, for the processing concerned, that this Regulation is implemented, and that additional information allowing the personal data to be attributed to a specific data subject is kept separately. The controller who processes personal data should indicate the persons authorized to do so within the same controller<\/span><\/i><span>.&#8221;<\/span><\/p>\n<p style=\"text-align: justify\"><span>Recitals 28 and 29 of the GDPR<\/span><\/p>\n<h2 style=\"text-align: justify\">Point of jurisprudence<\/h2>\n<p style=\"text-align: justify\"><span>The Slovenian supervisory authority recalls that &#8220;<\/span><i><span>Encrypted personal data are pseudonymized personal data and therefore remain personal data (see Article 4(5) of the General Regulation), and are therefore not anonymous data, so the processing of pseudonymized personal data also requires an appropriate legal basis.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span>[&#8230;]<\/span><\/p>\n<p style=\"text-align: justify\"><i><span>If unauthorized persons get their hands on pseudonymized personal information, it is the same as if they were given raw personal data, they will just take a little longer to identify the individuals. Truly anonymous data is only achieved through the use of specific anonymization methods and techniques (such as noise addition, permutation, differentiated privacy, aggregation, k-anonymity, l-diversity, and t-similarity) and not through simple encoding, encryption, or other mapping<\/span><\/i><span>&#8220;.<\/span><\/p>\n<p style=\"text-align: justify\"><span>Informacijski poobla\u0161\u010denec, 30 March 2020, No. 07120-1\/2020\/25<\/span><\/p>\n<p style=\"text-align: justify\">The Bouchara firm assists you in particular in :<\/p>\n<ul style=\"text-align: justify\">\n<li>Making your organization <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/gdrp\/\" target=\"_blank\" rel=\"noopener noreferrer\">RGPD<\/a> compliant;<\/li>\n<li>The drafting of data protection policies (privacy policy, computer charter &#8230;);<\/li>\n<li>Documentation of your processing (register of processing activities, register of violations, privacy <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-privacy-impact-assessment-dpa\/\" target=\"_blank\" rel=\"noopener noreferrer\">impact analysis<\/a>, prior consultation&#8230;);<\/li>\n<li>Obtaining certifications and adhering to <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/code-of-conduct\/\" target=\"_blank\" rel=\"noopener noreferrer\">codes of conduct<\/a>;<\/li>\n<li>The study of the legal feasibility of the implementation of a new <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-processing\/\" target=\"_blank\" rel=\"noopener noreferrer\">personal data processing<\/a>;<\/li>\n<li>The drafting and transmission of your codes of conduct to the <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/national-commission-for-information-technology-and-civil-liberties-cnil\/\" target=\"_blank\" rel=\"noopener noreferrer\">CNIL<\/a> for approval;<\/li>\n<li>Legal analysis of the compliance of your data processing, including data transfers outside the European Economic Area;<\/li>\n<li>Drafting and negotiating your data processing agreements (DPA);<\/li>\n<li>Drafting your Binding Corporate Rules (BCR) and Codes of Conduct;<\/li>\n<li>Training and awareness of your employees.<\/li>\n<\/ul>\n<p style=\"text-align: justify\">We are also the external <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/data-protection-officer-dpo\/\" target=\"_blank\" rel=\"noopener noreferrer\">Data Protection Officer<\/a> of many data <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/person-in-charge-of-the-treatment\/\" target=\"_blank\" rel=\"noopener noreferrer\">processors<\/a> and <a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/subcontractor\/\" target=\"_blank\" rel=\"noopener noreferrer\">subcontractors<\/a>.<\/p>\n<h2>Other definitions<\/h2>\n<h3><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/brand\/\">Trademark<\/a><\/h3>\n<p><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/brand\/\">A trademark is a distinctive sign allowing its owner (natural or legal person) to differentiate its products and services&#8230;<\/a><\/p>\n<h3><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/gdrp\/\">GDPR<\/a><\/h3>\n<p><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/gdrp\/\">The GDPR refers to Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals&#8230;<\/a><\/p>\n<h3><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/renowned-or-well-known-trademark\/\">Well-known trademark<\/a><\/h3>\n<p><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/renowned-or-well-known-trademark\/\">The concepts of reputed and well-known trademarks have been defined by the jurisprudence and designate a trademark that is widely known by the public&#8230;<\/a><\/p>\n<h3><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/wipo\/\">WIPO<\/a><\/h3>\n<p><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/wipo\/\">The World Intellectual Property Organization (WIPO) is an international institution of the United Nations, located in Geneva&#8230;<\/a><\/p>\n<p><a href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/\">See the lexicon<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.cabinetbouchara.com\/wp-content\/uploads\/2021\/12\/Fichier-24.svg\" width=\"25\" height=\"25\" alt=\"\" class=\"wp-image-1012 alignnone size-medium\" style=\"margin-left: 15px;margin-bottom: -6px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lexicon &gt; Pseudonymization IT Glossary Pseudonymization is a technical security measure that reduces the correlation of a set of personal data with the original identity of a data subject, contributing in particular to data protection by design and data protection by default, and may be included among the appropriate safeguards. It consists in replacing an &#8230; <a title=\"Pseudonymization\" class=\"read-more\" href=\"https:\/\/www.cabinetbouchara.com\/en\/lexicon\/pseudonymization\/\" aria-label=\"Read more about Pseudonymization\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":9175,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"footnotes":""},"class_list":["post-9052","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages\/9052","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/comments?post=9052"}],"version-history":[{"count":5,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages\/9052\/revisions"}],"predecessor-version":[{"id":19563,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages\/9052\/revisions\/19563"}],"up":[{"embeddable":true,"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/pages\/9175"}],"wp:attachment":[{"href":"https:\/\/www.cabinetbouchara.com\/en\/wp-json\/wp\/v2\/media?parent=9052"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}