White Paper

Recent Case Law has Reshaped the Boundary between Pseudonymised and Anonymised Data – Here’s How Organisations Can Safely Navigate It

White Label Consultancy partners Nicholai Pfeiffer and Magdalena Góralczyk, drawing on two decades of combined experience in data protection, examine the Court of Justice of the European Union’s (CJEU) groundbreaking interpretation on what constitutes proper pseudonymisation and anonymisation.

In this new White Paper, they unpack the CJEU’s judgment in EDPS v SRB (C-413/23), delivered on 4 September 2025, which redefines where the boundary is between personal data and no longer personal data.

The decision marks a clear departure from the long-standing assumption that pseudonymised data are always personal data – a shift with major implications for compliance strategies, international data transfers, and transparency obligations.

The paper explores:

  • How pseudonymised data may or may not qualify as personal depending on context; and
  • What the ruling means for controllers’ and processors’ privacy compliance and contractual duties.

Offering both legal precision and practical insight, Nicholai and Magdalena – supported by their teams – guide readers through the case background, the Court’s reasoning, and the far-reaching consequences for organisations operating in the EU’s data ecosystem.

Download this White Paper

To receive the White Paper, please fill out the form below. You’ll receive the document in a separate email once your information has been submitted.

First Name
Last Name
Job title
Email
Company Name
Country

To understand how we process your personal data please check our Privacy Notice

OTHER WHITEPAPERS THAT MAY INTEREST YOU

White Paper

International Data Transfers After the “Digital Omnibus” Reform – A More Coherent, Risk-Based Framework for Global Data Flows

White Label Consultancy partners Magdalena Góralczyk and Nicholai Pfeiffer, drawing on extensive experience advising on complex cross-border data ecosystems, examine how the European Commission’s proposed Digital Omnibus reform may reshape the practical landscape for international data transfers. In this new White Paper,...

Events

DIFC’s Regulation 10 Certification Workshop

White Label Consultancy, as the only accredited certification body approved by DIFC, is hosting a workshop for organisations navigating the certification requirements for autonomous and semi-autonomous AI systems under DIFC's Regulation 10. This in-person workshop will provide companies with a comprehensive understanding...

Webinar

DIFC’s Regulation 10 – What Companies Need to Know

Dubai International Financial Centre (DIFC) Regulation 10 introduced many requirements for the use of AI for high-risk processing activities.As key Regulation 10 compliance deadlines start to apply, the data protection law team at Pinsent Masons LLP and White Label Consultancy (WLC), currently the only...

Subscribe to White Label Consultancy Newsletter

Stay informed about our services, offerings and latest developments in data protection, cyber security and AI, through our White Label Consultancy newsletter. Gain early access to our insights, events, and many more.

📩