Pseu, Pseu, Pseudio. Pseudonymization in Django.

About This Talk

The General Data Protection Regulation, better known as GDPR, is a regulation on data protection and privacy for all individuals within the European Union. GDPR went into effect on May 25, 2018 and was the cause of the “Great Privacy Policy Update” that occurred in the weeks prior.

This talk will cover what GDPR is and why you should care about it, but we won’t stop there. This is not going to be another talk on data protection policy. No.

In this talk, we’re going to jump right into discussing HOW to implement data patterns that comply with regulations like GDPR by examining a pattern known as pseudonymization.

Pseudonymization is a data de-identification procedure where fields of personally identifiable information (PII) within a data record are replaced by one or more artificial identifiers. These artificial identifiers are also called pseudonyms. Pseudonyms make a data record less identifiable without sacrificing data analysis and processing. GDPR requires that PII undergo either pseudonymization or complete data anonymization.

For the hands-on portion of this talk, we’ll construct a Django User Model where we apply pseudonyms to the data attributes which qualify as PII. We’ll explore a couple strategies for implementing a compliant pseudonymization pattern, examining their individual approaches and performance, and we’ll discuss limitations of pseudonymizing certain attributes and how to achieve compliance through consent.

GDPR sets a precedent for responsible data management. Whether your application serves citizens of the EU or not, the regulations serve as an encouragement for protecting your user’s identities. This talk is great for everyone from beginners to expert Django developers… and fans of Phil Collins :)