Personal data anonymization and pseudonymization differ in one key aspect. Data anonymization irreversibly destroys all means of identification. Pseudonymization, on the other hand, replaces a person's identity in such a way that additional information is required to re-identify them.
Data anonymization creates data from which it is no longer possible to identify the data subject. Anonymized data must be stripped of all identifiable information, which makes it impossible to identify the person, even for the party responsible for the anonymization. Properly performed anonymization takes the processing and storage of the data out of the scope of the GDPR.
Data pseudonymization, on the other hand, is the processing of personal data in such a way that it can no longer be assigned to a specific data subject without the use of additional information; the de-identified data is kept separate from that ‘background information’. Thanks to data pseudonymization, controllers can use new, less stringent standards, e.g., the GDPR allows processing of pseudonymized data for purposes other than the purpose for which they were originally collected.
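
The difference described above, shown on a small data set as an added example (not code from the original page). The records, field names, the `TokenVault` class and the choice of age bands are assumptions made for illustration; whether a given output is anonymous in the GDPR sense depends on the actual data set.

```python
import secrets
from collections import Counter

# Constructed sample records (not real data).
RECORDS = [
    {"name": "Alice Example", "email": "alice@example.org", "age": 34, "diagnosis": "asthma"},
    {"name": "Bob Example", "email": "bob@example.org", "age": 37, "diagnosis": "asthma"},
    {"name": "Alice Example", "email": "alice@example.org", "age": 34, "diagnosis": "eczema"},
]
DIRECT_IDENTIFIERS = ("name", "email")


class TokenVault:
    """Hypothetical store for the 'additional information': the token <-> identity
    map, held apart from the de-identified data set and under separate access control."""

    def __init__(self):
        self._by_identity = {}
        self._by_token = {}

    def token_for(self, identity):
        if identity not in self._by_identity:
            token = secrets.token_hex(8)  # random, so it reveals nothing about the identity
            self._by_identity[identity] = token
            self._by_token[token] = identity
        return self._by_identity[identity]

    def reidentify(self, token):
        return self._by_token[token]  # raises KeyError when the mapping is not held


def pseudonymize(records, vault):
    """Replace direct identifiers with a token; one person's records stay linkable."""
    out = []
    for r in records:
        identity = tuple(r[f] for f in DIRECT_IDENTIFIERS)
        rest = {k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}
        out.append({"subject": vault.token_for(identity), **rest})
    return out


def anonymize(records):
    """Drop identifiers, keep no mapping, coarsen age to decades, release only counts."""
    return Counter((f"{r['age'] // 10 * 10}s", r["diagnosis"]) for r in records)
```

Anyone holding only the output of `pseudonymize` sees tokens; re-identification needs the vault. The output of `anonymize` has no per-person rows and no mapping exists for it, so not even the party that produced it can reverse it.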