Quiz Entry - updated: 2026.07.14
What is the essential difference between pseudonymization and anonymization?
Pseudonymization is reversible (and stays personal data); anonymization is irreversible (and leaves GDPR scope).
* Reversibility is the dividing line: pseudonymization stays personal data, anonymization leaves GDPR scope. *
| Pseudonymization | Anonymization | |
|---|---|---|
| What | Replace identifiers with pseudonyms | Strip/generalize/suppress until no one is identifiable |
| Techniques | Hashing, encryption, tokenization | Generalization, suppression, aggregation |
| Key property | REVERSIBLE — restore identity with the key | IRREVERSIBLE — re-identification computationally infeasible |
| GDPR status | Still personal data | Outside GDPR scope (when done correctly) |
The dividing line is reversibility. Pseudonymization keeps a path back to the person (intentionally), so it's a security safeguard, not an exit from the regulation. Anonymization aims to burn the bridge entirely.
Tip: Reversible → still regulated. Irreversible → free. The whole legal difference hinges on that one word.
Go deeper:
Pseudonymization (Wikipedia) — reversible, stays personal data.
Data anonymization (Wikipedia) — irreversible, leaves GDPR scope when done correctly.