Anonymisation is the process of removing personal informatiom from an information set in such a way that the data subject is no longer identifiable.  Anonymisation is therefore a process which removes personal identifiers, both direct and indirect, that may lead to an individual being identified. The main purpose of anonymisation is the use of data in public reports.

An individual may be indirectly identifiable when certain information is linked together with other sources of information, including, their place of work, job title, salary, their postcode or even the fact that they have a particular diagnosis or condition. This is a more common issue when working with the extremes of a data set, for example you are running an employee survey, collecting department and there are only two employees in the department.

Once data is anonymised and individuals are no longer identifiable, the data will not fall within the scope of the GDPR and it therefore does not need to be protected for regulatory reasons.

One issue with anonymised data is that once supporting data is removed from the data set, it may not be fit for the purpose of the required analysis or processing.

Further information is available here: https://ico.org.uk/media/1061/anonymisation-code.pdf

This article can be read in conjunction with the pseudonymisation & encryption articles