Complying with retention rules when using pseudonymized personal data

Yes, you do. Only anonymized data are out of the scope of GDPR. Pseudonymized data will follow all GDPR rules, including data retention.

If you want to learn how to comply with EU GDPR requirements you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//

And does the data remain pseudonymous if the information required to re-identify the person is removed? Eg. system A stores user information linking user ID 1 to a person, system B stores information that user with ID 1 did something. At this point the ID 1 in system B is clearly pseudonymous information and combined with information from system A can be used to identify a person. Now if the information linking ID 1 to a person is irreversibly removed does the information in system B turn to anonymous since there's no longer a way to link it to a specifc user?

If the information to re-identify the person is completely removed from all system and the person is no more identifiable, the data become anonymous, but if the information to re-identify the person is kept in another system (or if the person is identifiable from other information processed) the data will be pseudonymized.

I make you an example of an identifiable person. Let's imagine that you remove contact details (name, surname, mail, telephone, etc.) because you need to make some statistics on the kind of occupation of your clients.

The person will be identifiable even if you assigned an ID reference and you keep only age, job, location if from the combination of parameters you can identify the person. Let's say it is a small town, where there are only 10 plumbers and only 2 of that age. In such a case, the person is considered identifiable, but if data are aggregated so that you cannot go to the single ID, then it will be anonymous.

So, if the information in system B cannot make you identify the person, it will be anonymous.