Anonymised information is not covered by the GDPR

Anonymised information is not covered by the GDPR. Because anonymised personal data cannot relate to an identified or identifiable natural person. The GDPR applies for data that someone can read. Also, it must be possible to identify a physically living person through the data. Recitial 26 of the GDPR mentions that GDPR is not applicable on anonymised information.

Personal data are for example the following:

name,
telephone number,
profile pictures,
e-mail addresses
social security numbers
IP-address.

Information that canrelate to an identified or identifiable natural person, and that can be attributed to the individual indirectly, is also a personal data.

If the personal data is anonymised, the processing of such information does not have to comply with the GDPR. In order for data to be anonymised, it must no longer be possible to identify the person to whom the data belongs. When data is anonymous, it is only “data” and no longer considered as a “personal data”.

Anonymised information is not covered by the GDPR

Encrypted messages can also be personal data. If it is possible for someone to make the data readable and identify people, for instance. For example, if a company has a list of registered “user-ID:s” with links to more personal data. Such as, for instance, the users e-mail address.

GDPR does not regulate information that is anonymous and that therefore cannot identify a natural person. This applies to both personal data that has been anonymised, and data that has never been able to identify an individual.

Many people also believe that an organization number belonging to a limited company is personal information, but it is not. GDPR does not apply for information thatidentify legal persons. Such as, for example, company registration number or postal address.

More information

Guide from the EDPB concerning Controllers and Processors.

A natural and legal person can be a Personal Data Controller.

Report personal data breaches to Supervisory Authority.

What does the principle of storage limitation and erasure of data mean?

Guide from the EDPB concerning Controllers and Processors.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_137823009_5	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Anonymised information is not covered by the GDPR

Anonymised information is not covered by the GDPR

More information

A natural and legal person can be a Personal Data Controller

What does the principle of storage limitation and erasure of data mean?

Report personal data breaches to Supervisory Authority

Links

Popular Subjects

Anonymised information is not covered by the GDPR

More information

Similar Posts

Links

Popular Subjects