Pseudonymisation of personal data as a technical and organisational measure for using data in the cloud

Today, social media, information management systems and smart devices are just a few examples of technologies that process large amounts of data every day. Although the General Data Protection Regulation requires data controllers to ensure that technical and organisational measures are in place, the focus of the Regulation is on data processing, such as the collection, storage and processing of personal data. Given that a very large part of the data of smart devices is nowadays stored directly in the cloud, it is necessary to analyse how to store and process this data in the cloud, which most often can also identify a specific person to meet the requirements of the Regulation, or to store it directly in a form that does not have to meet some of the data protection requirements. The work focussed on the storage and processing of personal data in the cloud and analysed whether the pseudonymisation of personal data can effectively eliminate the reference to the data subject, since such an elimination would imply that the cloud can be used without restrictions as well as in accordance with the requirements of data protection. Scientific articles, legislation, guidelines and other sources were analysed. The paper describes the possibilities of pseudonymisation as such, and also provides useful insights into storing personal data in pseudonymised form.