Читать книгу Privacy and Data Protection based on the GDPR - Leo Besemer - Страница 40
1.3.1.3 Pseudonymized personal data
ОглавлениеData pseudonymization is the process of disguising identities. The aim of such a process is to be able to collect additional data relating to the same individual without having to know his or her identity. Pseudonymization is one of the means mentioned in the GDPR to prevent unauthorized access to personal data.
An example might be a camera registering how many unique cars pass under a bridge on a road. The license plate number is indirect personal data. The controller would then replace each license plate number with a unique key (called a pseudonym), keeping a separate table linking each key to the corresponding license plate. The controller could then send this pseudonymized data to a processor, keeping the key in a safe place. This way the processor has no way to identify who has passed the bridge.
Pseudonymized data is a kind of indirect personal data, where the additional data required to identify the data subjects (the pseudonym) is only available to the controller. The process is reversible as long as the key exists. Consequently, pseudonymized data on a person is considered (indirect) personal data, because identification is still technically possible.