Home » The GDPR » Main Concepts » Identification, Pseudonymization, and Anonymization » Anonymization

This section describes the GDPR’s concept of anonymization and how to implement it. It is concerned with rendering identification by any actor and under any realistic circumstances impossible, now and in the future. Anonymization is concerned with preventing both, direct and indirect identification.

Anonymization contrasts with pseudonymization which is mostly concerned with direct identification and solely in the controlled environment of the controller’s (or joint controllers’) processing activity (or activities).

Anonymization in a nutshell:

  • Data protection is a fundamental right (see Art. 8 of European Charter of Fundamental Rights).
  • The GDPR implements this right by defining the safeguards necessary to protect data subjects at risk through a processing activity.
  • Anonymous data is data that poses no risk to data subjects.
    • The GDPR therefore does not apply to anonymous data.
    • The risk is considered to be absent when identification of data subjects is not or no longer possible.
  • Data that permits identification is not anonymous
    • even if the risk of identification is small or cannot be perceived, and
    • independently of whether a controller has attempted to anonymize with significant effort and by following the state of the art.
  • There is no known test to determine whether data is indeed anonymous.
  • Most data sets likely have residual risk that at least partial identification will be possible in the future with newly available additional information, methodology, and computing technology. The term presumed anonymous data captures this.
  • Some researchers believe that anonymous data that is still useful does not exist.
  • Presumed anonymous data with a residual risk of identification is not (truly) anonymous but is personal data that is subject to application of the GDPR.
    • Attempted anonymization significantly reduces the risk for data subjects.
    • The GDPR takes a risk-based approach that requires implementing measures and safeguards in proportion to the risk.
    • The most important measure for presumed anonymous data with residual risk is confidentiality.
    • The best practice of sharing such data is through a contractual agreement with the recipient that passes on certain obligations from the GDPR. (This is very similar to a contractual agreement between controller and processor).


Skip to content