How do I anonymize or pseudonymize data?

Disclaimer

This article is written in collaboration with a law agency. However, it is intended for general information purposes only. It does not constitute a client-attorney relationship or personalized legal advice.

Anonymising data

Anonymising data means removing all information that links it to an identifiable real-world person. Examples include:

  • Name
  • Social Security Number or Personal Identification Number
  • E-mail address
  • IP address
  • Physical address

Example: you ask for your visitors' email address and favorite Pokémon. If a visitor asks you to delete their data, you can delete just their email address and keep the Pokémon data, since without the email it is now effectively anonymous.

So simply put: just delete everything that allows you to trace the submitted data back to a real person and keep everything else.

You can configure The WordPress GDPR Framework to allow your visitors to do this automatically. It also provides tools for site administrators to do this via the dashboard, and gives developers an API to do it via code. Read more here.

Pseudonymising

Pseudonymising means taking all information that links someone’s personal data to them and moving it to another location or database, separate from the rest of the data. The identifiable information is linked to the anonymous information via a pseudonym. Pseudonymising is an additional security measure – it assumes that you store the identifiable information in a more secure way than the rest of the data.

Example: you ask for your visitors' email address and favorite Pokémon and regularly calculate which Pokémon is the crowd favorite. You don't need to access the emails very often, so for safety, you keep the emails in a different, encrypted database. You could keep the data about favorite Pokémon in the same encrypted database as well, but accessing it is slower because of the encryption and you want your application to run fast. You assign a unique ID to each email and in the unencrypted database you keep only the IDs. Now, if someone hacks your website and steals the databases, they will only be able to see the data about Pokémon and the IDs – but not the email addresses, because they are encrypted. This is an additional layer of security which GDPR recommends using, especially for sensitive data.
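The Pokémon example above, as an added sketch that is not part of the original article or of The WordPress GDPR Framework's code: submissions are split across an identity store and a pseudonymous store, the crowd favourite is computed without reading any email, and an erasure request turns a pseudonymised row into an anonymised one. Table names, function names and sample addresses are constructed, and encryption of the identity database is assumed to be provided by the storage layer rather than shown.

```python
import secrets
import sqlite3

# Two separate stores. Assumption: in production the identity store sits on
# separate, encrypted storage with its own credentials; encryption is not shown.
identity_db = sqlite3.connect(":memory:")   # pseudonym -> email (restricted)
survey_db = sqlite3.connect(":memory:")     # pseudonym -> answer (fast, unencrypted)
identity_db.execute("CREATE TABLE identity (pid TEXT PRIMARY KEY, email TEXT UNIQUE)")
survey_db.execute("CREATE TABLE answers (pid TEXT PRIMARY KEY, pokemon TEXT)")


def submit(email, pokemon):
    """Store a submission split across both databases; return the pseudonym."""
    # Random pseudonym: a hash of the email would be guessable from a list
    # of candidate addresses, so it must not be derived from the identifier.
    pid = secrets.token_hex(16)
    with identity_db:
        identity_db.execute("INSERT INTO identity VALUES (?, ?)", (pid, email))
    with survey_db:
        survey_db.execute("INSERT INTO answers VALUES (?, ?)", (pid, pokemon))
    return pid


def crowd_favourite():
    """Aggregate over the pseudonymous store only; no email is read."""
    row = survey_db.execute(
        "SELECT pokemon FROM answers GROUP BY pokemon "
        "ORDER BY COUNT(*) DESC, pokemon LIMIT 1").fetchone()
    return row[0] if row else None


def erase(email):
    """Erasure request: drop the identity row. The answer row stays, and with
    the link gone it can no longer be traced back to the email address."""
    with identity_db:
        cur = identity_db.execute("DELETE FROM identity WHERE email = ?", (email,))
    return cur.rowcount == 1


def dump(db, table):
    """What someone who copied this database would see."""
    return db.execute(f"SELECT * FROM {table}").fetchall()


# Constructed sample submissions.
for e, p in [("ash@example.com", "Pikachu"), ("misty@example.com", "Psyduck"),
             ("brock@example.com", "Pikachu")]:
    submit(e, p)
```

The split only helps if the two stores do not share credentials, backups or hosts; otherwise one compromise yields both halves of the mapping.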

The WordPress GDPR Framework does not currently provide the possibility to pseudonymise data. However, if you have a good use case, get in touch and we might add it!