What is anonymised data in GDPR?

Under Recital 36 of the GDPR, anonymized data is information which does not relate to an identified or identifiable natural person and is rendered anonymous in such a manner that a data subject cannot be identified. It is data that has been irreversibly modified and stripped of any identifying information, such as names, addresses, or personal identification numbers.

Fully anonymised data is not considered personal data and therefore is not subject to the same restrictions for processing personal data under the GDPR. However, it’s not easy to ensure that data is fully anonymous and not all data can be completely anonymized. Therefore, it’s important to be mindful of the potential risks of anonymous data and to take appropriate steps to minimize the risk of re-identification.