Published on 02/02/2021
ENISA’s new report explores pseudonymisation techniques and use cases for healthcare and information sharing in cybersecurity.
The European Union Agency for Cybersecurity (ENISA) released its report on pseudonymisation for personal data protection – Data Pseudonymisation: Advanced Techniques and Use Cases – providing a technical analysis of cybersecurity measures in personal data protection and privacy. This new work builds on the Agency’s past work on pseudonymisation techniques and best practices by exploring further, advanced pseudonymisation techniques and specific use cases in such areas as healthcare and information sharing in cybersecurity.
While not a new process, pseudonymisation came into the spotlight in 2018 with the enforcement of the General Data Protection Regulation (GDPR), which references pseudonymisation as a security and data protection by design mechanism. Although the deployment and proper application of data pseudonymisation techniques have become highly debated, the overall context of the processing is considered as an important aspect for implementation. Therefore, pseudonymisation should be combined with a thorough security and data protection risk assessment.
EU Agency for Cybersecurity Executive Director Juhan Lepassaar said: “Cybersecurity techniques are an integral part to meet data protection obligations, and allow users to enjoy fully their fundamental rights to personal data protection and privacy.”
As there is no one-size-fits-all pseudonymisation technique, a high level of competence is needed to reduce threats and maintain efficiency in processing pseudonymised data across different scenarios. The ENISA report aims to support data controllers and processors in implementing pseudonymisation by providing possible techniques and use cases that could fit different scenarios.
The report underlines the need to take steps that include the following: