Skip to content

What is the Difference Between Anonymised and Pseudonymised Data in England?

Table of Contents

Your organisation will process many different types of information during its day-to-day running. Most data will contain identifiers to an individual, such as an order record containing a customer’s name and home address. However, you may also hold information that does not identify the relevant person. This information may have been ‘anonymised’ or ‘pseudonymised’. As a business owner, it is vital to understand the difference between each type of data and treat each differently under the General Data Protection Regulation (GDPR). This article will explain the differences between anonymised and pseudonymised information and your obligations under the GDPR. 

What is the GDPR?

The GDPR (or ‘UK GDPR’) is shorthand for General Data Protection Regulation. This law obligates your business to handle, store and move information in specific ways.  

The Information Commissioner’s Office (ICO) enforces data protection rules in England. If your company breaches the GDPR, you could face a heavy fine from the ICO.  

What is Anonymised Data?

Anonymised data is another way of describing anonymous information. It can result from carrying out an anonymisation system to ensure information does not identify the relevant person.

Since anonymous data cannot identify any particular individual, it is not ‘personal data’ in terms of the GDPR. This means that the ICO is unlikely to investigate anonymous data because it only protects the identification and harm of data relating to individuals.

Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

What is Pseudonymised Data?

Pseudonymous data is information that, at an early stage, contains data that identifies individuals but is then run through pseudonymisation techniques. These techniques replace or remove all identifying information so that the remaining data is clean and anonymised.

Pseudonymised data is slightly different to truly anonymised data because it is possible to reverse engineer the identity of each individual with the original data. In contrast, this is not possible with truly anonymised data.

Accordingly, pseudonymised information is ‘personal data’ under data protection law.

Why Use Pseudonymised Data?

Your business may use pseudonymisation data as you can draw vital information from it. For example, you may notice trends such as staff above 40 years old being less happy or staff with more than 10 years’ service being happier than newer employees. In comparison, truly anonymised data would show a percentage of happy versus unhappy staff, with no further information.

It is becoming more common for HR personnel to replace the names of job candidates with a number (e.g. ‘Candidate 4’). Many organisations do so to try and ensure equality and safeguard themselves against future accusations of discrimination from unsuccessful job candidates.

The advantage of using pseudonymised data usually outweighs the obligations placed on your company by the GDPR when handling that data.

Front page of publication
UK Startup Manual

LegalVision’s Startup Manual is essential reading material for any startup founder looking to launch and grow a successful startup.

Download Now

Collecting Pseudonymised and Anonymised Data

If you collect anonymised data, your company will collect the information confidentially. In contrast, if you collect pseudonymised data, your company will appoint someone to obtain the information and then replace or remove identifying information.

Collecting Using anonymised Data Process

Anonymisation Process

If you collect anonymised data, you will likely: 

  • invite all staff to use the same web link to provide their feedback;
  • ensure the questions within the survey do not help identify them, so for example, do not ask for their specific start date or their age;
  • avoid asking for contact details or names at the end; and
  • send all the data as one to the company.

When collecting anonymised data, your company will receive pure feedback without mentioning the age, name, start date etc.

Pseudonymisation Process

If you wish to differentiate the feedback of newer staff members from employees with more extended service, you could run a pseudonymisation process as follows:

  • invite staff to use a specific web link each to provide their feedback;
  • ask them for vague but personal details, so for example, asking them to tick a box to describe their age range, such as between 31-40, 41-50, etc. and select a box to insert their starting year;
  • have each set of results sent to the company one by one and recorded in a spreadsheet; and
  • when all information is received, remove identifying information.

The usual method of removing identifying information is to provide each staff member with an identification number. For example, you may designate an employee ‘Employee Two’ and, instead of recording ‘seven years’ service’, it could be recorded being ‘between 6-10 years’ service’.

Key Takeaways

As a business owner, you may decide there are instances when you wish to use anonymised data and other times when pseudonymised data is more suitable. For example, pseudonymised data may give you more detailed information. However, it is essential that you know the difference between anonymised data and pseudonymised data because only the latter counts as ‘personal data’. Failure to treat personal information safely and securely can lead to an ICO investigation and a potentially heavy fine against your company.

If you need help with data protection requirements and the safe handling of anonymised and pseudonymised data, our experienced data, privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.

Frequently Asked Questions

Why is pseudonymised data valuable?

Pseudonymised data can be valuable for obtaining more information about something.

When would my company keep information?

One example would be when considering annual sales figures and profit margins. Within accounts, your business is more likely to be interested in the exact figures and profit rather than the names and addresses of the relevant customers.

Register for our free webinars

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Thomas Sutherland

Thomas Sutherland

Read all articles by Thomas

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards