The Redaction Decision
When protecting sensitive data, you face a fundamental choice:
Permanent redaction: Data is irreversibly removed. No recovery possible.
Reversible encryption: Data is encrypted. Can be decrypted with proper authorization.
This choice has implications for compliance, legal discovery, research, and audits. Choose wrong, and you may find yourself unable to comply with court orders or regulatory requests.
GDPR: Anonymization vs. Pseudonymization
GDPR explicitly distinguishes between two approaches:
Anonymization (Article 26)
Data that can no longer be attributed to a specific individual is not personal data. GDPR doesn't apply.
Requirements:
- Irreversible (no re-identification possible)
- No additional information can enable re-identification
- Truly anonymous data is outside GDPR scope
Pseudonymization (Article 4(5))
Data where identifiers are replaced with tokens that can be reversed with additional information.
Key points:
- Still considered personal data under GDPR
- Counts as a security measure (Article 32)
- Reduces risk in case of breach
- Allows data processing for research (Article 89)
| Approach | GDPR Status | Reversible | Use Case |
|---|---|---|---|
| Anonymization | Not personal data | No | Public datasets |
| Pseudonymization | Personal data (protected) | Yes | Internal processing |
Why Permanent Redaction Can Be Problematic
1. Legal Discovery
Courts can ord...