GDPR makes data anonymization a must. When the legal grounds end, your data sources cannot store personally identifiable information.
Simultaneous deletion of entire history of related information together with personal data deprives the organization of valuable data that can be used for future analysis, such as sales or marketing. Therefore, the best option is to effectively de-identify personal data while keeping related information. SensID Mask software allows you to implement de-identification for both databases and documents or mail effectively.
Data protection principles should therefore not apply to anonymous information, that is to say, information that does not relate to an identified or identifiable natural person...
Personal data anonymization and pseudonymization differ in one key aspect. Data anonymization irreversibly destroys all means of identification. Pseudonymization, on the other hand, replaces a person's identity in such a way that additional information is required to re-identify him. Data anonymization creates data for which it is no longer possible to identify the data subject. Anonymized data must be stripped of all identifiable information, which makes it impossible to see the person, even by the party responsible for the data anonymization. Properly performed anonymization of data makes processing and storage of personal data be excluded from the scope of the GDPR.
Data pseudonymization, on the other hand, is processing of personal data in such a way that it can no longer be assigned to a specific data subject without use of additional information, keeping the de-identified data separate from ‘background information’. Thanks to data pseudonymization, controllers can use new, less stringent standards, e.g., GDPR allows processing of pseudonymized data for purposes other than the purpose for which they were originally collected.
