(29) In order to encourage the use of pseudonymisation in the processing of personal data, it is appropriate to allow the use of pseudonymisation measures by the same controller that do not exclude general analysis, provided that that controller has taken the technical and organisational measures necessary to implement this Regulation in the scope of the processing concerned and that additional information allowing the attribution of personal data to a particular data subject is stored separately.
„Our Data Protection Officer (DPO) handles everything himself."
Are you sure about that?

