Anonymised data

Revision as of 08:29, 24 June 2024 by Amwelladmin (talk | contribs) (Created page with "{{a|gdpr|}}{{quote| “There can be confusion between pseudonymisation and anonymisation. For example, it is common to refer to datasets as “anonymised” when in fact they still contain personal data, just in pseudonymised form. This poses a clear risk. For example, a mistaken belief that the processing does not involve personal data could mean that the requirements of UK data protection law are not met. This could result in potential adverse outcomes for individua...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
General Data Protection Regulation
Index: Click to expand:
Tell me more
Sign up for our newsletter — or just get in touch: for ½ a weekly 🍺 you get to consult JC. Ask about it here.

“There can be confusion between pseudonymisation and anonymisation. For example, it is common to refer to datasets as “anonymised” when in fact they still contain personal data, just in pseudonymised form.

This poses a clear risk. For example, a mistaken belief that the processing does not involve personal data could mean that the requirements of UK data protection law are not met. This could result in potential adverse outcomes for individuals.”

“Anonymous data” is not a concept defined under GDPR (it is more or less describes whatever does not fall inside it) but is information that does not relate to an identified or identifiable individual. It is not in scope for GDPR.

Data that was personal but that has been anonymised — that is, permanently stripped of its identifying characteristics so that it is not possible to reverse-engineer it back into the same personal data, is no longer personal data, and is not subject to GDPR. If it has been temporarily masked but can be reconstituted by anyone (whether or not you) with a code of some kind it is “pseudonymised data” and remains personal data.

See also