This section describes the GDPR’s concept of anonymization and how to implement it. It is concerned with rendering identification by any actor and under any realistic circumstances impossible, now and in the future. Anonymization is concerned with preventing both, direct and indirect identification.
Anonymization contrasts with pseudonymization which is mostly concerned with direct identification and solely in the controlled environment of the controller’s (or joint controllers’) processing activity (or activities).
Anonymization in a nutshell: