Unlike Turkish Personal Data Protection Law numbered 6698 (PDPL), General Data Protection Regulation (GDPR) introduces the new concept of “pseudonymization” as a means of protecting the rights of individuals while also allowing controllers to benefit from the data.
Pseudonymization replaces the individual’s name and other identifying features with another identifier to make it impossible or extremely difficult to identify the individual. Pseudonymisation bridges the gap between personal and anonymous data. Pseudonymised data still allows for some form of re-identification, while anonymous data cannot be re-identified.
Although pseudonymised data still falls within the scope of the GDPR, some provisions are relaxed to encourage controllers to use pseudonymization. These incentives are stipulated in five different sections of the GDPR.
- Pseudonymization may facilitate processing personal data beyond original collection purposes.
- Pseudonymization is an important safeguard for processing personal data for scientific, historical and statistical purposes.
- Pseudonymization is a central feature of “data protection by design.”
- Controllers can use pseudonymization to help meet the GDPR’s data security requirements.
- Controllers do not need to provide data subjects with access, rectification, erasure or data portability if they can no longer identify a data subject.
We believe that pseudonymisation techniques will be useful to minimize privacy risks and therefore reduce the potential for non-compliance. Furthermore, the availability of pseudonymisation techniques can encourage greater innovation.
Please contact Deniz Eren for more information.