European Union Agency for Network and Information Security
Recommendations on shaping technology according to GDPR provisions An overview on data pseudonymisation enisa
.-- Prokopios Drogkaris ; Athena Bourka
.-- Attiki, Greece : ENISA, November 2018
.-- 43 p. 1 .pdf file
Contains bibliography
Pseudonymisation is an established and accepted de-identification process that has gained additional attention following the adoption of the General Data Protection Regulation (GDPR), where it is referenced as both a security and data protection by design mechanism. As a result, in the GDPR context, pseudonymisation can motivate the relaxation to a certain degree of data controllers’ legal obligations if properly applied. In this report, we present an overview of the notion and main techniques of pseudonymisation in correlation with its new role under GDPR. In particular, starting from the definition of pseudonymisation (as well as its differences from other key techniques, such as anonymization and encryption), the report first discusses its core data protection benefits. Following this analysis, the report then addresses some techniques that may be utilised for pseudonymisation, such as hashing, hashing with key or salt, encryption and other cryptographic mechanisms, tokenization, as well as other relevant approaches. Last, certain pseudonymisation use cases and best practices are discussed, focusing especially on the area of mobile apps and revisiting some of the earlier discussed techniques. Although the report does not seek to conduct a detailed analysis of the different aspects related to specific pseudonymisation methods and implementations, it touches upon some of the key issues in this regard. However, further research is needed, as well as practical experience, involving all stakeholders in the field.
ISBN: 978-92-9204-281-3
DOI: 10.2824/74954
Digital enabling technologies
computer network; data protection; data-processing law; digital technology; information storage; information technology; Internet access provider; mobile phone; protection of privacy; regulation of telecommunications; software