On 16 January 2025 the European Data Protection Board (EDPB) adopted its Guidelines 01/2025 on Pseudonymisation (the Guidelines). The consultation period on the Guidelines finished at the end of February; a final version is expected to be published later in 2025. The Guidelines provide helpful guidance to organisations on the legal definition of pseudonymisation under the GDPR, the benefits associated with using pseudonymisation, and when organisations are expected to implement pseudonymisation.

The Guidelines leave a number of open questions for organisations, in particular in relation to how organisations should, as a practical matter, assess the effectiveness of their pseudonymisation methods, and are inconsistent in that regard. This article provides an overview of the key parts of the Guidelines, highlights some of the key benefits for businesses resulting from the Guidelines, and indicates some topics in relation to which additional clarity should be provided.