Pseudonymisation and Anonymisation of Personal Data
Pseudonymisation and anonymisation are two techniques for reducing the privacy risk of personal data — allowing it to be used for analytics, testing, and research purposes while limiting exposure of individual identities.
Pseudonymisation
Pseudonymisation replaces identifying information with pseudonyms — artificial identifiers that do not directly identify an individual. The mapping between pseudonyms and real identities is held separately and securely. Pseudonymised data is still personal data under UK GDPR — if the mapping is available, individuals can be re-identified. Pseudonymisation reduces risk and is recognised by the UK GDPR as a protective measure, but does not exempt data from GDPR obligations.
Anonymisation
Truly anonymised data is not personal data — once anonymised, GDPR does not apply. True anonymisation requires that re-identification is not reasonably possible — even by combining the data with other available information. This is technically difficult to achieve, particularly for small populations or data with many attributes.
Practical Applications
- Analytics: Replace user IDs with pseudonyms in analytics databases — aggregate analysis is possible without linking to individuals
- Testing environments: Use pseudonymised or synthetically generated data in test environments — not real production personal data
- Data sharing: Share pseudonymised datasets with partners or researchers where full data is not needed
- Audit logs: When responding to right-to-erasure requests, pseudonymise references in audit logs rather than deleting the audit record (which may be required for legal or compliance purposes)