Pseudonymisation is when you process personal data, but no longer have the option to link the data back to eg. names, addresses or similar directly. An example could be that you process personal data on your customers with a customer number, instead of their names and/or adresses, and therefor only keep the customer number in your database where you process the data.

However you are still keeping the link back to the individual subject in a separate database and hence can identify a specific person by combining the data from the two different databases/archives.

Pseudonymisation does not change the status of the processed data. The data remains personal data, but you can use pseudonymisation as a security measure to protect the data in your IT systems (as per article 32 in GDPR)

Did this answer your question?