What is pseudonymisation under the GDPR, and how is it typically implemented?
Pseudonymisation replaces direct identifiers with pseudonyms and keeps the mapping in a separate key file — reducing, but not eliminating, linkability.
Per Art. 4(5) and Recital 28, pseudonymisation is a safeguard that reduces the linkability between data and the people it describes. The data is de-identified so it can't lead to identification without additional information.
The classic implementation:
- Replace direct identifiers (e.g. names) with pseudonyms (codes, tokens, hashes).
- Store the mapping (pseudonym → real identity) in a separate key file, kept apart from the research data and protected.
In theory, destroy the key and the data becomes anonymized. In practice that's harder than it sounds, because the rest of the record can still leak identity.
Tip: Pseudonymisation is reversible by design — the whole point is that an authorized party can re-link with the key.
Go deeper:
Pseudonymization (Wikipedia) — definition, key-file model, GDPR Art. 4(5).
GDPR Recital 28 (gdpr-info.eu) — the regulator's stated rationale for pseudonymisation.