Privacy in Practice with Smart Pseudonymization: Lessons from the Belgian Public Sector by Verslype

Learn how smart pseudonymization enables GDPR compliance and data utility in the Belgian public sector, covering implementation principles, challenges, and real-world success cases.

Key takeaways
  • Pseudonymization is encouraged by GDPR and can help organizations become more compliant with data protection regulations while still allowing data utility

  • Format-preserving pseudonymization maintains the structure of original identifiers (like social security numbers), allowing legacy systems to continue functioning without modifications

  • Three key principles guide secure pseudonymization:

    • Privacy by design (considering privacy during initial design)
    • Separation of duties (the entities managing the protected data are separate from those managing the protection)
    • Simplicity (reducing complexity which can compromise security)
  • Blind pseudonymization allows secure data sharing where services only see pseudonyms, not original identifiers, creating better separation of duties

  • Using production data in test/acceptance environments is widespread (60% of organizations) but creates privacy risks; pseudonymization can help protect this data while maintaining utility

  • Purely fictional test data is often impractical due to:

    • Missing real-world edge cases
    • High creation/maintenance costs
    • Integration issues with external services
  • The solution enables secure data joining across multiple sources while ensuring:

    • Data sources don’t learn new personal data
    • Minimal required data exposure
    • Uniform pseudonymization process
  • Technical benefits include:

    • Efficient symmetric encryption
    • No key management needed client-side
    • Simple REST API interface
    • Graceful error handling
  • Implementation challenges include:

    • Getting organizational support
    • Complex public sector rules
    • Legacy system constraints
    • Development complexity
  • The approach has been validated through academic review and is already protecting medical data in Belgian public sector applications
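
To make the format-preserving takeaway concrete, here is an added example (not code from the talk or from the Belgian systems it describes): a keyed, reversible mapping from digit strings to digit strings of the same length, with separators left in place. The alternating Feistel construction with HMAC-SHA256, the round count, the function names, the key and the sample identifier are all assumptions chosen for illustration; a production system would use a reviewed scheme such as NIST FF1, with the key held only by the pseudonymization service.

```python
import hashlib
import hmac

ROUNDS = 10  # assumption: an even round count, so the halves end in their original order


def _round_value(key: bytes, i: int, n: int, half: str) -> int:
    """Keyed pseudo-random integer bound to the round number, total length and one half."""
    msg = bytes([i, n]) + half.encode("ascii")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")


def _feistel(digits: str, key: bytes, decrypt: bool) -> str:
    n = len(digits)
    if n < 2 or n > 255 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("expected 2..255 ASCII digits")
    u, v = n // 2, n - n // 2  # half lengths; they differ by one when n is odd
    a, b = digits[:u], digits[u:]
    rounds = range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)
    for i in rounds:
        m = u if i % 2 == 0 else v  # digit width of the half rewritten in round i
        if decrypt:
            c, b = b, a
            a = str((int(c) - _round_value(key, i, n, b)) % 10**m).zfill(m)
        else:
            c = str((int(a) + _round_value(key, i, n, b)) % 10**m).zfill(m)
            a, b = b, c
    return a + b


def _apply(identifier: str, key: bytes, decrypt: bool) -> str:
    """Transform only the digits; separators such as '.' and '-' keep their positions."""
    out = iter(_feistel("".join(ch for ch in identifier if ch.isdigit()), key, decrypt))
    return "".join(next(out) if ch.isdigit() else ch for ch in identifier)


def pseudonymize(identifier: str, key: bytes) -> str:
    return _apply(identifier, key, decrypt=False)


def reidentify(identifier: str, key: bytes) -> str:
    return _apply(identifier, key, decrypt=True)


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed key, for illustration only
    sample = "85.07.30-033.28"      # constructed 11-digit identifier with separators
    print(sample, "->", pseudonymize(sample, key))
```

Because the mapping is deterministic per key, records pseudonymized with the same key can still be joined, and a system that only checks length and digit positions accepts the pseudonym unchanged.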