TY - BOOK ED - European Union Agency for Network and Information Security TI - Recommendations on shaping technology according to GDPR provisions: An overview on data pseudonymisation SN - 978-92-9204-281-3 PY - 2018/// CY - Attiki, Greece PB - ENISA KW - Tecnologías habilitadoras digitales KW - computer network KW - data protection KW - data-processing law KW - digital technology KW - information storage KW - information technology KW - Internet access provider KW - mobile phone KW - protection of privacy KW - regulation of telecommunications KW - software N1 - Contiene bibliografía N2 - Pseudonymisation is an established and accepted de-identification process that has gained additional attention following the adoption of the General Data Protection Regulation (GDPR), where it is referenced as both a security and data protection by design mechanism. As a result, in the GDPR context, pseudonymisation can motivate the relaxation to a certain degree of data controllers’ legal obligations if properly applied. In this report, we present an overview of the notion and main techniques of pseudonymisation in correlation with its new role under GDPR. In particular, starting from the definition of pseudonymisation (as well as its differences from other key techniques, such as anonymization and encryption), the report first discusses its core data protection benefits. Following this analysis, the report then addresses some techniques that may be utilised for pseudonymisation, such as hashing, hashing with key or salt, encryption and other cryptographic mechanisms, tokenization, as well as other relevant approaches. Last, certain pseudonymisation use cases and best practices are discussed, focusing especially on the area of mobile apps and revisiting some of the earlier discussed techniques. Although the report does not seek to conduct a detailed analysis of the different aspects related to specific pseudonymisation methods and implementations, it touches upon some of the key issues in this regard. However, further research is needed, as well as practical experience, involving all stakeholders in the field UR - https://publications.europa.eu/en/publication-detail/-/publication/0e1ca64f-29c7-11e9-8d04-01aa75ed71a1/language-en/format-PDF/source-86095141 ED - European Union Agency for Network and Information Security ER -