Speaker 1: Welcome everyone. My name is Felix Rosbach and I'm working at the product team here at Comforta. In this lightbulb series we are going to discuss data security and this video is all about the difference between anonymization and pseudonymization. So why is this important? In the past few years billions of data records have been stolen and according to statistics only 4% of them were protected in a way that they were useless for attackers. So the rest may very well be for sale in the dark web. And to help companies to deal with those breaches there are regulations and standards that describe how to protect the data. While a few of them are fairly specific when it comes to describing the protection methods, most of them are pretty vague. And anonymization and pseudonymization are in the broad discussion since they appeared in GDPR. So what is the difference? The difference between pseudonymization and anonymization is basically all about the ability to de-identify personal information. So let's talk about anonymization first. When anonymized data is changed in a way that the individual can no longer be identified. You can do that for example by masking or deletion. So one benefit of anonymization is that the data is not considered personal identifiable information anymore and you can use it in any way you want. The problem of anonymization is that it's a risky thing. While it sounds fairly simple, in real life you have to make sure that there is no correlation between different databases that allows the identification of an individual and that you change the data in a way that it's really anonymizing that personal identifiable information. And it's irreversible which means you can't get back to the original data set which might not be the right solution when it comes to processing or data analytics. For example, on the other side we have pseudonymization. When pseudonymized data is processed in a way that it cannot be attributed to a specific person without the use of additional information. So data is only then considered really pseudonymized when you keep this information, this secret, separate from the data. As pseudonymization is reversible, it is still considered personal identifiable information and you have to have consent to use that data. But the good thing is, according to GDPR, if the data is protected with strong protection methods, you don't have to disclose a breach if the data gets stolen. So there are many ways to implement both techniques. But for pseudonymization, tokenization is a fairly good approach because it still keeps the usability of the data and it allows you to monetize the data, for example with data analytics. Feel free to watch our video where we explain tokenization in more detail and thank you for watching.