What Is Anonymisation?
Anonymisation is processing personal data so that individuals can no longer be identified from it, irreversibly and in a way that cannot reasonably be undone.
Anonymisation — processing personal data so that individuals can no longer be identified from it, irreversibly and in a way that cannot reasonably be undone.
Truly anonymised data falls outside data-protection law, because there is no longer an identifiable person to protect. The bar is high: if data can be re-identified with reasonable effort — by combining it with other available information — it is not anonymous but merely pseudonymised, and the obligations still apply. Getting this distinction wrong is a common compliance trap in AI projects.
Source: GDPR, Recital 26; ICO guidance
Plain-language explanation
Truly anonymised data falls outside data-protection law, because there is no longer an identifiable person to protect. The bar is high: if data can be re-identified with reasonable effort — by combining it with other available information — it is not anonymous but merely pseudonymised, and the obligations still apply. Getting this distinction wrong is a common compliance trap in AI projects.
Related terms
See where you stand on AI governance
Take the free 7-question maturity assessment and get a personalised action plan.
Free assessment — 3 minutes →