The General Data Protection Regulation (GDPR) has strong requirements to protect the personal data of European Union (EU) data subjects “by design and by default.” Though the GDPR doesn’t contain detailed technical requirements for data security, it does call out the use of pseudonymization as an appropriate mechanism for data protection. So, what is pseudonymization?
Pseudonymization is defined in Article 4(5) of the GDPR as:
The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
In other words, pseudonymization replaces identifying or sensitive data with a pseudonym. This is synonymous with tokenization, which replaces sensitive data with a token, a technology the Payment Card Industry has used for years to protect payment card information (PCI).
This whitepaper looks at the complete list of PCI DSS and GDPR Controls for organisations, including Pseudonymization, Tokenisation, High-Level Flow and more.
To read the full in-depth whitepaper by TokenEx, fill in this form: