Pseudonymization is a process of modifying person-specific (i.e., personal) data by using an assignment rule in such a way that the individual data pertaining to personal or material circumstances can no longer be attributed to an individual person without knowledge or use of the assignment rule.
To that end, for example, the identification data are converted by a mapping instruction into an arbitrarily selected identifier (the pseudonym).
The aim of such a method is to enable the link to the person to be re-established only if needed and if previously defined boundary conditions are met.
Under § 3, section 6a BDSG [German Federal Data Protection Act], pseudonymized data are data that are linkable to a person, because, by definition, an assignment between the pseudonym and the name of the person should be possible, in principle. Conversely, however, under § 3, section 6a BDSG, the pseudonymization is intended to virtually exclude or at least hinder a random re-identification. Thus—apart from the existence of an assignment function—the pseudonymization must achieve the quality of effectively anonymized data for third parties. To this end, suitable mathematical methods are employed, including the filling of data records, to effectively prevent the re-identification thereof.
There are also cases where solely the concerned person can remain excluded from the re-identification. Note regarding the definition and delimitation of “pseudonymization” and “anonymization”: compare the excerpt (pp. 274 through 280) from the commentary on the German Federal Data Protection Act (Simitis).
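The mechanism described above, as an added example that is not part of the original text: identification data are replaced by a randomly drawn pseudonym, the assignment table stays secret with its holder, and the link to the person is restored only when a predefined condition holds. The field names, the sample records and the `condition_met` flag are assumptions made for illustration.

```python
import secrets


class Pseudonymizer:
    """Holds the assignment rule: a secret table identity <-> pseudonym."""

    def __init__(self):
        self._to_pseudonym = {}  # identity -> pseudonym (the assignment rule)
        self._to_identity = {}   # pseudonym -> identity (inverse, equally secret)

    def pseudonym_for(self, identity):
        # Arbitrarily selected identifier: drawn at random rather than derived
        # from the identity, so a third party cannot recompute it from a name.
        if identity not in self._to_pseudonym:
            pseudonym = secrets.token_hex(8)
            while pseudonym in self._to_identity:  # avoid reusing a pseudonym
                pseudonym = secrets.token_hex(8)
            self._to_pseudonym[identity] = pseudonym
            self._to_identity[pseudonym] = identity
        return self._to_pseudonym[identity]

    def pseudonymize(self, record, id_fields=("name", "birth_date")):
        # Strip the identification data and attach the pseudonym instead.
        identity = tuple(record[f] for f in id_fields)
        released = {k: v for k, v in record.items() if k not in id_fields}
        released["pseudonym"] = self.pseudonym_for(identity)
        return released

    def reidentify(self, pseudonym, condition_met):
        # condition_met is a hypothetical stand-in for the previously defined
        # boundary conditions; without it the link is not re-established.
        if not condition_met:
            raise PermissionError("boundary conditions for re-identification not met")
        return self._to_identity[pseudonym]


# Constructed sample records (field names and values are assumptions).
RECORDS = [
    {"name": "Erika Mustermann", "birth_date": "1964-08-12", "diagnosis": "J45"},
    {"name": "Max Mustermann", "birth_date": "1970-01-01", "diagnosis": "E11"},
    {"name": "Erika Mustermann", "birth_date": "1964-08-12", "diagnosis": "I10"},
]


def demo():
    holder = Pseudonymizer()
    return holder, [holder.pseudonymize(r) for r in RECORDS]
```

Records of the same person receive the same pseudonym and so remain linkable to each other, while a recipient of the released records alone holds nothing from which the name can be recovered.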