What is Pseudonymization?
Pseudonymization is a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. There can be a single pseudonym for a collection of replaced fields or a pseudonym per replaced field. The purpose is to render the data record less identifying and therefore lower customer or patient objections to its use. Data in this form is suitable for extensive analytics and processing.
The choice of which data fields are to be pseudonymized is subjective, but should include all fields that are highly selective that include GDPR sensitive personal data, for example your social security number and driving license number. Date of birth and zip code are also included because they are usually available from other sources and therefore make a record easier to identify. Pseudonymizing these less identifying fields removes most of their analytic value and should therefore be accompanied by the introduction of new derived and less identifying forms, such as birth year or a larger zip code region. Ask for tips in your Natuvion one-day workshop.
The GDPR, Pseudonymization and SAP systems
A new concept of 'pseudonymization' (GDPR Article 4) is defined as the processing of gdpr sensitive personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. In a nutshell, this means you can pseudonymize data in your production SAP systems to reduce the risk of not being GDPR compliant.
Organizations which implement pseudonymization techniques IN THEIR SAP SYSTEMS enjoy various benefits under GDPR.
If you pseudonymize the gdpr sensitive data in your SAP production systems it reduces the risk of GDPR fines and individual claims because in the event of a data breach, it is much less likely that pseudonymous data will cause harm to the affected individuals,