IPEN webinar 2021: “Pseudonymous data: processing personal data while mitigating risks”

The EDPS organised on 9 December 2021 an Internet Privacy Engineering Network (IPEN) webinar entitled:

“Pseudonymous data: processing personal data while mitigating risks” 

IPEN events bring together privacy experts and engineers from public authorities, industry, academia and civil society to discuss relevant challenges and developments for the technological implementation of data protection and privacy.

The workshop focused on the guidance on and practical use of “pseudonymisation techniques” to mitigate data protection risks when processing personal data . While the GDPR obliges to delete or anonymise personal data when there is no (more) lawful purpose to keep them in a way that enables identification, pseudonymisation techniques offer technical and organisational measures to mitigate data protection risks when it is (still) necessary to process personal data. After the Schrems II ruling, the debate on pseudonymisation has gained momentum as many consider it as the most viable “supplementary measure” to transfer personal data to third countries not offering an equivalent level of protection. The aim of the webinar was to give an opportunity to increase awareness on existing guidance, explore options and challenges and offer organisations an understanding of what tools and advice are available to implement pseudonymisation effectively and avoid major pitfalls.


14:00 - 14:10




  • Introduction to the session, explaining format and content



Thomas Zerdick, EDPS

14:10 - 14:20



Wojciech Wiewiórowski,

European Data Protection Supervisor

14:20 - 14:40


On overview of existing pseudonymisation techniques 


Prokopios Drogkaris

European Union Agency for Cybersecurity (ENISA)

14:40 - 14:50





14:50 - 15:05

Pseudonymisation As a Service


Cédric Lauradoux

Institut national de recherche en informatique et en automatique (INRIA)

15:05 - 15:20



Cryptography at the service of pseudonymisation


Konstantinos Limniotis 

National and Kapodistrian University of Athens and Hellenic DPA

15:20 - 15:35

Data subject access requests for pseudonymised diagnostic data


Sjoera Nas

Privacy Company

15:35 - 15:45




15:45 - 16:00

Coffee break / coffee room


16:00 - 16:30

Pseudonymisation in healthcare research and practice


Prof.Dr. Fabian Prasser

Medical Informatics Lab

Berlin Institute of Health / Charité – Universitätsmedizin Berlin

16:30 - 16:45



How GDPR fosters pseudonymisation in academic research – The perspective of a university hospital DPO


Griet Verhenneman 

Data Protection Officer - UZ Leuven

16:45 - 16:55




16:55 - 17:25

Pseudonymisation: some feedback from supervisory authorities 

Presentation (Monir Azraoui)

Video (Monir Azraoui)

Presentation (Benjamin Walczak)

Video (Benjamin Walczak)

Monir Azraoui 

Commission nationale de l'informatique et des libertés (CNIL)


Benjamin Walczak - ULD (Schleswig Holstein DPA)

17:25 - 17:35




17:35 – 17:45

Session closing 


Massimo Attoresi, EDPS

17:45 – 18:10

Networking Chat



To know how we process your persona data please read the Data Protection Notice.

For any other enquiry, please contact

For more information about the Internet Privacy Engineering Network, please check the IPEN homepage and the IPEN Wiki.