Anonymisation means the processing of personal data in such a way that the personal data can no longer be assigned to a specific person without the need for further information. If additional information is available, it must be stored separately. In addition, the anonymisation of personal data helps to increase the security of processing (Article 32 (1) (A) GDPR). What many do not know, even pseudonymous data are subject to privacy!
Now let’s look at the difference between anonymization and pseudonymisation in theory and practice:
Anonymization: § 3 para. 6 “the modification of personal data in such a way that the details of personal or factual circumstances can no longer or only with a disproportionate amount of time, cost and labor of a specific or identifiable natural person can be assigned.”
Pseudonymisation: § 3 Abs. 6a BDSG “the replacement of the name and other identification features by a mark for the purpose of excluding or substantially complicating the determination of the person concerned.”
|files number||first name||last name||illness||treatment|
|filey number||first name||last name|
Including all available information (Table 1 and Table 2), conclusions can be drawn about a specific person. In pseudonymization, therefore, there are more data that serve to uniquely identify a person. Therefore, they must be stored separately as described above.
Thus, it can be concluded that even anonymous and pseudonymous data should not be handled carelessly. Therefore, it is recommended to keep a close record of what data is stored and processed.