What is data anonymization under GDPR?
Data anonymization in the context of GDPR involves the procedure of either encrypting or eliminating personally identifiable information, making it impossible to directly or indirectly identify individuals.
As per Recital 26 of GDPR:
“The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.“
That means, once data can no longer lead to the identification of a person, it loses its classification as personal data, exempting it from the requirements of GDPR compliance.