Template · FREE · ⏱️ 3-6 hours
Data Anonymization Strategy Template
A planning template for designing data anonymization strategies covering pseudonymization, k-anonymity, differential privacy, and data masking...
Updated 2026-03-05
Data Anonymization Strategy
| # | Initiative | Owner | Timeline | Effort | Impact | Status |
|---|---|---|---|---|---|---|
| 1 | | | | | | |
| 2 | | | | | | |
| 3 | | | | | | |
| 4 | | | | | | |
| 5 | | | | | | |
Frequently Asked Questions
Is pseudonymized data still personal data under GDPR?
Yes. GDPR Recital 26 states that pseudonymized data is personal data because it can be attributed to a person by using additional information (the lookup key). Pseudonymization reduces risk and can support a legitimate interest argument, but it does not remove the data from GDPR scope.
What k value should we target for k-anonymity?
For most use cases, k=5 is the minimum recommended value. For sensitive data (health, financial), target k=10 or higher. The right value depends on the re-identification risk: smaller datasets with many quasi-identifiers need higher k values.
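The check behind that answer, as an added example that is not part of the original template: it measures the k a dataset actually achieves for a chosen set of quasi-identifiers and lists the groups that fall below the target. The column names (`zip3`, `age_band`, `sex`) and the records are constructed for illustration.

```python
from collections import Counter

def _rows(zip3, age_band, sex, n):
    # Helper that builds n identical constructed records (hypothetical columns).
    return [{"zip3": zip3, "age_band": age_band, "sex": sex} for _ in range(n)]

# Constructed sample data, 20 records in total. Not real data.
RECORDS = (_rows("941", "30-39", "F", 6) + _rows("941", "30-39", "M", 5)
           + _rows("100", "40-49", "F", 7) + _rows("100", "40-49", "M", 2))

def equivalence_classes(rows, quasi_identifiers):
    """Count how many rows share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_identifiers) for r in rows)

def achieved_k(rows, quasi_identifiers):
    """The dataset's k is the size of its smallest equivalence class."""
    classes = equivalence_classes(rows, quasi_identifiers)
    return min(classes.values()) if classes else 0

def violating_classes(rows, quasi_identifiers, target_k):
    """Return the combinations shared by fewer than target_k rows."""
    classes = equivalence_classes(rows, quasi_identifiers)
    return {combo: n for combo, n in classes.items() if n < target_k}

def suppress_small_classes(rows, quasi_identifiers, target_k):
    """Record suppression: drop every row that sits in an undersized class."""
    bad = violating_classes(rows, quasi_identifiers, target_k)
    return [r for r in rows
            if tuple(r[q] for q in quasi_identifiers) not in bad]

if __name__ == "__main__":
    coarse = ["zip3", "age_band"]
    fine = ["zip3", "age_band", "sex"]
    # Adding one more quasi-identifier splits the groups and lowers k.
    print("k with", coarse, "=", achieved_k(RECORDS, coarse))
    print("k with", fine, "=", achieved_k(RECORDS, fine))
    print("below k=5:", violating_classes(RECORDS, fine, 5))
    kept = suppress_small_classes(RECORDS, fine, 5)
    print("after suppression:", len(kept), "rows, k =", achieved_k(kept, fine))
```

Running the same check with each candidate quasi-identifier set shows how much generalization or suppression a target k will cost before the release is planned.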
Can we use anonymized data for AI model training?
If the data is truly anonymized (not pseudonymized), yes. Differential privacy is the strongest approach for ML training because it provides a mathematical guarantee that no individual training example materially influenced the model. The [AI PM Handbook](/ai-guide) covers the full lifecycle of AI product development including data governance.
How do we handle anonymization for real-time analytics?
For real-time dashboards, apply differential privacy at the query layer rather than at the storage layer. Tools like Google's differential privacy library or OpenDP can add calibrated noise to aggregation queries without modifying the underlying data. This preserves data utility for non-anonymized use cases while providing privacy guarantees for the dashboard output.
What is the difference between anonymization and de-identification?
De-identification removes direct identifiers (names, emails) but may leave quasi-identifiers intact. Anonymization goes further by making re-identification infeasible even with external data. GDPR uses the term "anonymisation" to mean data that is irreversibly stripped of identifying information. HIPAA uses "de-identification" with specific safe harbor or expert determination methods.