Quiz Entry - updated: 2026.07.14
What is pseudonymization, and why is it not the same as anonymization?
Pseudonymization replaces identifying data with artificial identifiers (pseudonyms) using a mapping rule — but it's reversible, which means the data is still personal data under data protection law.
How pseudonymization works:
- Take the original dataset with real names
- Replace each name with a pseudonym (e.g., a hash value)
- Store the mapping (correspondence table) separately and securely
- The pseudonymized dataset can be used for analysis without directly exposing identities
Example:
| Original | Pseudonym |
|---|---|
| Daniel Keller | bb75e0cb68b73634286e... |
| Elias Amherd | 6cd19f55811cd32ad7d0... |
Critical distinction from anonymization:
| Pseudonymization | Anonymization | |
|---|---|---|
| Reversible? | Yes (with the key) | No |
| Still personal data? | Yes | No |
| Data protection applies? | Yes, fully | No |
| Key exists? | Yes (correspondence table) | No key exists |
Important: Even without the key, the remaining quasi-identifiers in a pseudonymized dataset (ZIP code, age, gender) might allow re-identification through linkage attacks. Simply replacing names with hashes does not make data anonymous.
Go deeper:
Pseudonymization (Wikipedia) — GDPR Art. 4(5), reversibility and why it stays personal data.