OneTrust Certified Privacy Professional Practice Exam

What is the key difference between encryption and pseudonymization under GDPR?

• A. Encryption is a temporary measure, while pseudonymization is permanent
• B. Encryption secures data during processing, while pseudonymization anonymizes data
• C. Encryption secures data in transit or at rest, while pseudonymization replaces identifiers to reduce data linkability
• D. There is no difference; both terms mean the same

The correct answer is: Encryption secures data in transit or at rest, while pseudonymization replaces identifiers to reduce data linkability

The key difference between encryption and pseudonymization lies in their methods and purposes regarding data protection under GDPR. Encryption involves transforming data into a secured format that is unreadable without a decryption key, effectively ensuring that data remains confidential during transmission or while stored. This method secures data in transit or at rest, making it inaccessible to unauthorized parties. On the other hand, pseudonymization is a process that replaces identifiable information with pseudonyms. This technique helps reduce the direct linkability of data to an individual without altering the underlying data itself. While pseudonymized data may still be attributed to an individual through additional information (like a key or master list), it is designed to enhance privacy by minimizing the exposure of identifiable data. Understanding these distinctions is crucial for compliance with GDPR principles, as encryption focuses on securing data from unauthorized access, whereas pseudonymization aims at reducing the identifiability of personal data while allowing for some level of data utility in a way that protects individual privacy.