On 28 January 2021, the European Union Agency for Cybersecurity (ENISA) released a report on data pseudonymisation techniques (the Report).
The Report, which aims to support controllers and processors implementing data pseudonymisation as an important security and data privacy measure, provides detailed guidance on basic and advanced pseudonymisation techniques, such as asymmetric encryption, secure multiparty computation and pseudonymisation based on multiple identifiers or attributes and others. It also includes examples of how pseudonymisation can be used in the healthcare sector and for cybersecurity information sharing.
The Report recommends further discussion on the adoption of pseudonymisation techniques at an EU and Member State level. ENISA also flags the significance of pseudonymisation (in particular the advanced pseudonymisation techniques) as a potential supplementary measure for cross-border data transfers following the CJEU decision in Schrems II.
The Report recommends the following steps when considering and implementing a pseudonymisation technique:
The ENISA press release is available here and the Report is available here.