Skip to content
Gallery
savvi-logo-colour
SAVVI
Welcome
About SAVVI
The SAVVI Declaration
SAVVI Playbook
Data Standards
Catalogue
Case Studies
Videos
News
Getting Involved
Resources
Share
Explore
Resources

Pseudonymisation

What is Pseudonymisation?

Pseudonymisation is a technique that replaces or removes information in a data set that identifies an individual, it is defined in GDPR as
“…the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.”
Pseudonymization is a recognized and increasingly important method for privacy protection of personal information where some individualized intervention is required. It is commonly used in basic research e.g., clinical trials, public health monitoring and assessments of individuals.
In practice, it may involve replacing names and/or other identifiers which are easily attributed to individuals with, for example, a reference number. Technical and organisational measures are then put in place to ensure that the additional information that would be necessary to link the reference back to an individual, are held sedately and securely.
Whilst pseudonymising personal data can reduce the risks to the data subjects and help the data processor meet its data protection obligations, it is however, only a security measure and does not change the status of the data as personal data. GDPR Recital 26 makes it clear that pseudonymised personal data remains personal data and within the scope of the UK GDPR:
“…Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person…”

More guidance on Pseudonymisation:

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/
https://icosearch.ico.org.uk/s/search.html?query=pseudonymisation&collection=ico-meta&profile=_default
Health informatics — Pseudonymization (ISO 25237:2017) – Available from ISO

Using Pseudonymisation in SAVVI

During the
Purpose
phase of a SAVVI, the
@Lead Organisation
will investigate potential sources of data that may be used as
@Vulnerability Attribute
s. Two potential examples where pseudonymization may be applied are:
A
@Source Organisation
may support the proposed use of the data but have concerns about its relevance to the stratification process. It may agree to release a limited sample pseudonymised set to the
@Lead Organisation
for test and evaluation purposes, prior to committing to enter into a formal data sharing agreement with data that is not pseudonymized.
A
@Source Organisation
may be concerned about the bulk use of its data for profiling of people. Depending on the algorithms used for the
@Risk Stratification Policy
, and taking into account potential risk of re-identification of pseudonymised records, the
@Source Organisation
may be prepared to approve release of pseudonymized data. In this scenario, the
@Lead Organisation
would process the pseudonymized data and, request the identification data for those records of interest.
In the above examples the
@Source Organisation
is using pseudonymization as a risk management tool by limiting access to the person identification data. Its use will still require appropriate security measures to be adopted as it remains personal data.

Re-identification

The pseudonymisation process requires a separate instance of the
@Risk Index
, in which the
@Source Organisations
have provided data where
@Residences
are identified only by a common generated identifier. The identifier cannot be unencrypted to discover the actual address, but can be matched to the same identifier from other
@Source Organisations
.
In this way, each household can be assessed against the
@Risk Stratification Policy
.
If there is a need to subsequently link the pseudonymised data back to individuals, the pseudonymisation should be carried out by a specialist data processing service, using specialist software solutions, acting as a ‘Trusted Third Party’ so that
@Source Organisations
are assured that their data is being accessed appropriately.

Load content from www.digitalservicedesigner.com?
Loading external content may reveal information to 3rd parties. Learn more
Allow
Load content from www.digitalservicedesigner.com?
Loading external content may reveal information to 3rd parties. Learn more
Allow
Load content from www.digitalservicedesigner.com?
Loading external content may reveal information to 3rd parties. Learn more
Allow
Load content from www.digitalservicedesigner.com?
Loading external content may reveal information to 3rd parties. Learn more
Allow
Load content from www.digitalservicedesigner.com?
Loading external content may reveal information to 3rd parties. Learn more
Allow
Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.