LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is the difference between pseudonymization and anonymization, and why does it matter under GDPR?

Pseudonymization is reversible (identities can be recovered with a key); anonymization is irreversible. Under GDPR, pseudonymized data is still personal data, while properly anonymized data falls outside the regulation.

Pseudonymization Anonymization
Reversible? Yes, with the secure key/mapping No — irreversible by design
Re-identification Possible for authorized parties Impossible even with extra info/compute
Data linkage Maintained Lost
Privacy level Lower Higher
Utility Higher May be reduced

The legal punchline: because pseudonymized data can be linked back to a person, GDPR still treats it as personal data — all the obligations (consent, rights, breach rules) apply. Truly anonymized data is no longer "personal data," so it falls outside GDPR's scope.

Tip: Tokenization, encryption with retained keys, and reversible hashing are pseudonymization — not anonymization. Don't claim GDPR exemption for data you can still re-link.

Go deeper:

From Quiz: PRIVACY / Cryptographic Privacy & Big Data — Zero-Knowledge Proofs, MPC, Homomorphic Encryption & Anonymization | Updated: Jul 14, 2026