Replacing identifying fields with a pseudonym so data can't be attributed to a person without separately-kept extra information.
Pseudonymisation processes personal data so it can no longer be attributed to a specific person without additional information, which is kept separately and secured.
It is still personal data (unlike anonymisation), but the GDPR treats it as a strong security and data-protection-by-design measure.
In the Regulation
Related terms
AnonymisationIrreversibly stripping data of anything that could identify a person — after which the GDPR no longer applies.Data protection by design and by defaultBuilding data protection into systems from the outset, and defaulting to the most privacy-friendly settings.Personal dataAny information relating to an identified or identifiable living person, from a name or email to an IP address or location data.
Need this applied to your business?
Our data-protection lawyers turn GDPR terms into a working plan.