Pseudonymous data: processing personal data while mitigating risks
![](/sites/default/files/styles/thumbnail/public/blog_author_picture/thomas-zerdick_100x100.jpg?itok=8ohbPT2m)
The first rule in data protection is: if you do not need personal data, do not collect personal data.
I believe that the second rule in data protection is: if you really need personal data, then start by pseudonymising this personal data.
Pseudonymisation is a foundational technique to mitigate data protection risks. The EU’s personal data protection legislation defines pseudonymisation as the processing of personal data in such a way that this data can no longer be attributed to a specific individual, without the use of additional information.