De-identification requirements have been an issue of concern for many companies as they prepare for the GDPR's May 25th effective date. The GDPR requires organizations to implement security measures that will protect data subjects' information and includes sections on pseudonymization and anonymization methods.

While the GDPR includes specifics around de-identification, EU Member States also have their own requirements and regulations. Some of these align closely with the GDPR, while others expand beyond the GDPR's requirements or have little to say on the subject at all (which can be the source of much confusion).

Within this guide, the Focal Point Data Privacy team examines: 

  • How the GDPR defines de-identification
  • The current and past de-identification requirements of EU Member States
  • How these regulations align and vary from the GDPR
  • The de-identification terminology used by EU Member States
  • Specific requirements that arise when it comes to the handling of health data

This guide includes an interactive summary chart that provides a brief overview of each state's requirements and then goes into greater detail on their specific regulations. Fill out the form to your right to learn more about de-identification and the GDPR.

Your privacy is important to us. We never share your personal information with third parties.