Personal data are the raw material of the future. The new European data protection law introduced by the General Data Protection Regulation (GDPR) puts businesses in charge of protecting personal data by requiring the relevant companies (controllers) to ensure data protection by design and by default. According to the GDPR, the pseudonymization of personal data is a suitable means of meeting this requirement.
As part of the 2017 Digital Summit, the Focus Group on Data Protection of the Platform Security, Protection and Trust for Society and Business published a white paper that includes guidelines for the legally compliant use of pseudonymization solutions, taking into account the requirements of the GDPR (available in German at https://www.gdd.de/downloads/whitepaper-zur-pseudonymisierung
The white paper explains the context in which pseudonymization plays a role under the provisions of the GDPR and provides valuable tips and practical examples for legally compliant use.Practical tip:
Art. 25 GDPR obligates controllers to implement the required data protection also by the design of the IT they are using and by data protection-friendly defaults. One example is the early and comprehensive pseudonymization of personal data. For this purpose, the white paper provides useful tips to avoid impending fines.