Does Zaurus pseudonymise and / or anonymize personal data?


In the General Data Protection Regulation (GDPR), the quality of data and the de-minimization of processing are important principles for the careful handling of personal data. The law mentions pseudonymised data as a preferred solution for processing personal data that is no longer used directly.


What is the difference between anonymizing versus pseudonymizing?

There is often a lack of clarity about the terms anonymisation and pseudonymisation. However, both concepts are far from comparable.

  • With pseudonymization, anonymous data can be made transparent with the correct key, making it possible to trace back to natural persons.
  • Anonymization, on the other hand, revolves around encryption that is not reversible: once personal data has been stripped of identifying data, it is no longer possible to associate it with people again later.


When does the GDPR apply?

The difference between anonymized and pseudonymized data is important because the GDPR does not apply to completely anonymised data. The rules from the GDPR still apply to pseudonymised data. After all, the encryption process in pseudonymisation is reversible. After pseudonymisation, the data can be traced back to a person and therefore the GDPR applies.


Zaurus only uses pseudonymization of personal data.