LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Why is pseudonymised data still treated as personal data under the GDPR?

Because the de-identification is reversible — re-identification is merely harder, not impossible — so the full GDPR still applies.

Pseudonymisation lowers risk but doesn't break the link to a person. Re-identification stays possible through three routes even without the key:

  • Isolating records — individuals may still be singled out via unique attributes introduced or left in by the pseudonymization.
  • Establishing links — the same pseudonym used consistently for one person, or shared attributes across datasets, re-connects records.
  • Making inferences — an attacker deduces a real identity from the dataset itself or from other databases sharing the same pseudonymized attribute.

Because identity can be restored, pseudonymous data is still personal data — you must comply with every GDPR rule when using it. This is the single most common misconception: people treat "pseudonymized" as if it meant "anonymized." It doesn't.

Go deeper:

From Quiz: PRIVACY / Data Anonymization — k-Anonymity, l-Diversity & Re-identification | Updated: Jul 05, 2026