-1

In readiness for the new GDPR legislation that is coming in on May 25th, I am trying to understand what pseudonymization means in the context of web development.

The info I've read infers that it is not the same as encryption. Could someone elaborate on exactly what it means, and how it could be implemented in, for example, a PHP/MySQL context?

Marc
  • It's not the same as encryption, you're right. Pseudonymisation is replacing any aspects of data which could be used to identify the subject. –  May 01 '18 at 08:48
  • Replacing them with what? Just some random string, stored in another table? – Marc May 01 '18 at 08:48
  • 1
    Something that can no longer be used to identify the subject, of course. Maybe this might help: https://www.protegrity.com/pseudonymization-vs-anonymization-help-gdpr/ –  May 01 '18 at 08:49
  • After reading that link, my understanding is that tokenization is one means of pseudonymization, and that a codebook is used to store the list of tokens and equivalent values. One thing that isn't clear to me, again in a PHP/mysql context, is where the codebook should be stored. Should it just be another database table, or stored to a file? – Marc May 01 '18 at 08:58

1 Answer

2

GDPR says what to do, not how to do it. There are various tokenization technologies out there. I wouldn't store the lookup table in the same database, as if the token data can be compromised, it's likely the other table can as well. The conversion code book, or transform key, should be stored elsewhere. Here are some links which may be of use.

My former employer (full disclosure) has a product to do this: https://www.voltage.com/technology/tokenization-and-key-management/hpe-secure-stateless-tokenization/

They also have a white paper on Tokenization: https://www.voltage.com/wp-content/uploads/Voltage_White_Paper_SecureData_SST_Data_Protection_and_PCI_Scope_Reduction_for_Todays_Businesses.pdf

And, of course, the required Wikipedia entry: https://en.wikipedia.org/wiki/Tokenization_(data_security)

JesseM
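The separation the answer recommends, sketched in PHP as an added example (not code from the answer or from any product it links). The table names, the `tokenize`/`detokenize` helpers and the two in-memory SQLite handles are assumptions; the second handle stands in for a codebook store that the web application's database account cannot read.

```php
<?php
declare(strict_types=1);

// Assumption: two separate data stores with separate credentials. In-memory
// SQLite stands in for both; in production $vault would be a different
// server/account that the application's own DB user has no access to.
$app   = new PDO('sqlite::memory:');
$vault = new PDO('sqlite::memory:');
foreach ([$app, $vault] as $db) {
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
$app->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_token TEXT NOT NULL, total REAL)');
$vault->exec('CREATE TABLE codebook (token TEXT PRIMARY KEY, value TEXT NOT NULL UNIQUE)');

/** Return the existing token for $value, or mint a new random one (hypothetical helper). */
function tokenize(PDO $vault, string $value): string
{
    $find = $vault->prepare('SELECT token FROM codebook WHERE value = ?');
    $find->execute([$value]);
    $token = $find->fetchColumn();
    if ($token !== false) {
        return $token;
    }
    // Random token: it carries no information about the value without the codebook.
    $token = 'tok_' . bin2hex(random_bytes(16));
    $vault->prepare('INSERT INTO codebook (token, value) VALUES (?, ?)')->execute([$token, $value]);
    return $token;
}

/** Re-identification: only code holding the vault connection can do this (hypothetical helper). */
function detokenize(PDO $vault, string $token): ?string
{
    $q = $vault->prepare('SELECT value FROM codebook WHERE token = ?');
    $q->execute([$token]);
    $value = $q->fetchColumn();
    return $value === false ? null : $value;
}

// Constructed sample data: the application table only ever sees the token.
$token = tokenize($vault, 'alice@example.com');
$app->prepare('INSERT INTO orders (customer_token, total) VALUES (?, ?)')->execute([$token, 42.50]);

$row = $app->query('SELECT customer_token, total FROM orders')->fetch(PDO::FETCH_ASSOC);
echo "application row: {$row['customer_token']} / {$row['total']}\n";
echo 'same token on reuse: ' . var_export(tokenize($vault, 'alice@example.com') === $token, true) . "\n";
echo 'detokenized: ' . detokenize($vault, $row['customer_token']) . "\n";
```

A dump of the `orders` table alone yields only opaque tokens; mapping them back to a person requires the separately held codebook.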