Certified Information Privacy Professional – Europe (CIPP/E) — Question 126

According to the GDPR, how is pseudonymous personal data defined?

Answer options

• A. Data that can no longer be attributed to a specific data subject without the use of additional information kept separately.
• B. Data that can no longer be attributed to a specific data subject, with no possibility of re-identifying the data.
• C. Data that has been rendered anonymous in such a manner that the data subject is no longer identifiable.
• D. Data that has been encrypted or is subject to other technical safeguards.

Correct answer: A

Explanation

The correct answer, A, accurately describes pseudonymous data as it requires additional information to identify the data subject. Option B is incorrect because it suggests total irreversibility, which does not apply to pseudonymous data. Option C defines fully anonymous data, not pseudonymous, and option D refers to encryption, which does not necessarily mean the data is pseudonymous.