In order to create incentives to apply pseudonymisation when processing personal data, measures of pseudonymisation should, whilst allowing general analysis, be possible within the same controller when that controller has taken technical and organisational measures necessary to ensure, for the processing concerned, that this Regulation is implemented, and that additional information for attributing the personal data to a specific data subject is kept separately. The controller processing the personal data should indicate the authorised persons within the same controller.
GDPR Recital EN
Recital 29
Related across sources
Guidance Guidelines 01/2021 Guidance Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications Guidance Guidelines 9/2022 on personal data breach notification under GDPR Guidance Guidelines 02/2024 on Article 48 GDPR Guidance Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation Guidance Guidelines 8/2022 on identifying a controller or processor's lead supervisory authority