Reltio Connect

• If one of the attributes being sent downstream is a customer ID, person number or Entity ID, and you can use that value to access the PII in Reltio, you are pseudonymizing the data, not anonymizing the data. While this is certainly not a "bad thing", you cannot claim that the downstream data is "fully deidentified".
• In the above case, the ID is a form of tokenization, and the ID is actually PII, because it can be used to reference PII.
• In order to claim the data is "fully deidentified" or "anonymized" and therefore not PII, you need to remove any reference back to the actual PII

• If one of the attributes being sent downstream is a customer ID, person number or Entity ID, and you can use that value to access the PII in Reltio, you are pseudonymizing the data, not anonymizing the data. While this is certainly not a "bad thing", you cannot claim that the downstream data is "fully deidentified".
• In the above case, the ID is a form of tokenization, and the ID is actually PII, because it can be used to reference PII.
• In order to claim the data is "fully deidentified" or "anonymized" and therefore not PII, you need to remove any reference back to the actual PII

• Internally generated IDs (like a Reltio ID) behave like a token, and data tagged with these reference numbers is pseudonymized.
  
• Pseudonymized data is GRPR regulated and needs to be treated exactly like PII, but it carries a lower risk profile with respect to data breach and fines.
• A Reltio ID, Customer ID or Person # can't be used by a non-authorized party to identify a guest or employee (as per your comment on Reltio being protected by security)
• Data is anonymized when it it "fully deidentified", in other words no way to reference back to the PII. A common example would be to mask the PII (including the ID) with "XXXXXXXXXX"
• Anonymized data is not GDPR regulated.

• If one of the attributes being sent downstream is a customer ID, person number or Entity ID, and you can use that value to access the PII in Reltio, you are pseudonymizing the data, not anonymizing the data. While this is certainly not a "bad thing", you cannot claim that the downstream data is "fully deidentified".
• In the above case, the ID is a form of tokenization, and the ID is actually PII, because it can be used to reference PII.
• In order to claim the data is "fully deidentified" or "anonymized" and therefore not PII, you need to remove any reference back to the actual PII

• Internally generated IDs (like a Reltio ID) behave like a token, and data tagged with these reference numbers is pseudonymized.
  
• Pseudonymized data is GRPR regulated and needs to be treated exactly like PII, but it carries a lower risk profile with respect to data breach and fines.
• A Reltio ID, Customer ID or Person # can't be used by a non-authorized party to identify a guest or employee (as per your comment on Reltio being protected by security)
• Data is anonymized when it it "fully deidentified", in other words no way to reference back to the PII. A common example would be to mask the PII (including the ID) with "XXXXXXXXXX"
• Anonymized data is not GDPR regulated.

• If one of the attributes being sent downstream is a customer ID, person number or Entity ID, and you can use that value to access the PII in Reltio, you are pseudonymizing the data, not anonymizing the data. While this is certainly not a "bad thing", you cannot claim that the downstream data is "fully deidentified".
• In the above case, the ID is a form of tokenization, and the ID is actually PII, because it can be used to reference PII.
• In order to claim the data is "fully deidentified" or "anonymized" and therefore not PII, you need to remove any reference back to the actual PII

Gino - a great topic to always keep in mind.

• Internally generated IDs (like a Reltio ID) behave like a token, and data tagged with these reference numbers is pseudonymized.
  
• Pseudonymized data is GRPR regulated and needs to be treated exactly like PII, but it carries a lower risk profile with respect to data breach and fines.
• A Reltio ID, Customer ID or Person # can't be used by a non-authorized party to identify a guest or employee (as per your comment on Reltio being protected by security)
• Data is anonymized when it it "fully deidentified", in other words no way to reference back to the PII. A common example would be to mask the PII (including the ID) with "XXXXXXXXXX"
• Anonymized data is not GDPR regulated.

• If one of the attributes being sent downstream is a customer ID, person number or Entity ID, and you can use that value to access the PII in Reltio, you are pseudonymizing the data, not anonymizing the data. While this is certainly not a "bad thing", you cannot claim that the downstream data is "fully deidentified".
• In the above case, the ID is a form of tokenization, and the ID is actually PII, because it can be used to reference PII.
• In order to claim the data is "fully deidentified" or "anonymized" and therefore not PII, you need to remove any reference back to the actual PII