What is anonymised data?
Anonymised data is information that cannot be related to an identified or identifiable natural person (Recital 26, GDPR). Anonymisation therefore means that a person is no longer identifiable.
The Data protection principles do not apply to this type of data, i.e. anonymous data may be disclosed at any time for statistical or research purposes, for example. However, they must be sufficiently anonymised.
But when is data really anonymous?
The anonymization of data is not easy. It is often not enough to delete certain categories of data, such as first name or surname. Studies have shown that 87 % of all US Americans can be clearly identified simply by combining gender, zip code and date of birth.
It is important for companies that published anonymized data is also anonymized internally. Otherwise this could be re-identified.
First and foremost, there is no absolute standard as to when data is sufficiently anonymised. Sufficient anonymisation depends on how much effort is required to make data identifiable again. The greater the effort required to assign data to natural persons and identify them on the basis of that data, the better the anonymisation.
External Data Protection Officer
You are welcome to contact us as external data protection officer (DPO) order. We also offer individual consulting services as well as audits and will be happy to provide you with a non-binding offer. You can find more information about our external data protection officers on our website.
How can I make data anonymous?
There are a variety of techniques for anonymization. The European Commission has published a document on the Techniques of anonymization (EN) worked out. One example is the generalisation of data.
Generalisation: Exact data is generalized, i.e. it is mapped more inaccurately. For example:
- Age: 50 to Age: 45-45
- Size: 165 cm to 160 - 170 cm
Anonymous data are, for example, statistics such as data on the number of inhabitants of a city or the average income of a professional group. These data do not allow any conclusions to be drawn about an individual and are therefore anonymous.