/
User Pseudonymisation

User Pseudonymisation

Irreversibility Warning: Once a user’s data is pseudonymised, it cannot be restored. Review your actions carefully before proceeding.

Note: This feature is only accessible to users with the “Owner” role.

What is Pseudonymisation?

Pseudonymisation is a data protection process that safeguards personal information by replacing it with artificial identifiers. This ensures the privacy of individuals while still allowing customers to retain some level of useful data for reporting or analytics.

For example, instead of storing a user’s name and email, we might store “User123” and a generic placeholder email address.

Why Use Pseudonymisation?

This feature helps your organisation:

  • Protect User Privacy: Align with GDPR regulations by removing personally identifiable information after a user is no longer active.

  • Maintain Analytics: Continue using pseudonymised data for valuable statistical reporting and decision-making without identifying individuals.

Key Features of the Pseudonymisation Setting

Automated Process

  • Deactivated users’ data is automatically pseudonymised after a set period.

  • You can customise the delay (between 1 and 7 years) to suit your organisation’s needs.

Why these limits?

  • 1 years minimum: Covers scenarios like parental leave, allowing users to return if needed.

  • 7 years maximum: Aligns with GDPR’s principle of limiting data retention to what is necessary.

Note: You can manually pseudonymise users at any time through the User Interface.

Data Usability

  • Pseudonymised data can still be used in aggregate for reporting, analytics, and other non-identifiable purposes, ensuring no disruption to your insights.

How to Enable and Configure Pseudonymisation

Important: Once a user’s data is pseudonymised, it cannot be restored. Review your actions carefully before proceeding.

  1. Navigate to Company Settings > People > Data Protection.

  2. Locate the “Automated Pseudonymisation” option.

  3. Enable the setting and choose your delay period (between 1 and 7 years)

  4. Optionally, select if 1-to-1s should be deleted when user is pseudonymised

  5. Save your changes.

Screenshot from 2025-02-17 12-22-25.png

To manually pseudonymise a user:

  1. Go to the user’s profile in the User Interface.

  2. Select the Anonymise User, and confirm.

image-20250109-181204.png

How It Works

  1. Delay Period: Pseudonymisation occurs after the deactivation date plus the configured delay period.

  2. Timestamp: A confirmation timestamp is recorded once the pseudonymisation process is complete.

  3. Aggregate Usability: The pseudonymised data remains usable for statistical and reporting purposes without compromising user privacy.

Example Use Case

  • A user is deactivated on 1st January 2025.

  • Your organisation has set a pseudonymisation delay of 3 years.

  • On 1st January 2028, the user’s data will be pseudonymised automatically. Alternatively, you can manually pseudonymise the user sooner if required.

FAQs

 

No, pseudonymisation is irreversible. Take care when configuring or manually applying pseudonymisation.

No, pseudonymisation is irreversible. Take care when configuring or manually applying pseudonymisation.

Yes. Pseudonymised data is stripped of personal identifiers but remains available for aggregate reporting and analytics.

This range ensures compliance with GDPR and Learn Amp’s policies, striking a balance between protecting user privacy and meeting organisational needs. The minimum delay of 1 year accounts for scenarios such as parental leave, where some organisations deactivate accounts temporarily. This helps prevent accidental pseudonymisation of users who may return within this timeframe.

Yes, you can manually pseudonymise any user at any time via the User Interface. This offers flexibility for immediate action.

Anonymised: First Name, Last Name & Email

Removed: Bio, Job Title, Profile Picture

Optionally: 1-to-1s can be configured to be deleted when a user is pseudonymised. (This includes removing 1-to-1 comments, answers, notes and action points, reviewer responses and comments etc).

The pseudonymisation process does not alter data stored in custom fields. Therefore, if you use a non-personal identifier (e.g., payroll ID or HRIS ID) as a custom field, this can be used to re-link the pseudonymised user data upon the employee’s return. It is important to ensure that this identifier cannot be used by Learn Amp to identify the user directly and does not qualify as personal data under GDPR. Always confirm that the identifier is unique to your organisation and does not, on its own, allow for re-identification by Learn Amp.

Any identifiable information added to 1-to-1 responses will not be automatically pseudonymised, unless the setting “Delete a user's 1-to-1s when they are pseudonymised” is checked. If this setting has been checked, the related 1-to-1s records will be deleted, including all answers, notes, action points from both reviewee and reviewer etc.

No; these 1-to-1s records will be completely deleted.

No; these 1-to-1s records will be deleted, including all the information submitted by the reviewer.

You can re-activate a pseudonymised user, but the fields impacted by the pseudonymisation will not automatically roll back to the original values.
If you have retained a non-personal identifier (e.g. payroll ID or HRIS ID) in a custom field, an admin could still manually edit the first name / last name /email of the account to restore the original values.

 

Related content