Anonymised information is not covered by the GDPR. Because anonymised personal data cannot relate to an identified or identifiable natural person. The GDPR applies for data that someone can read. Also, it must be possible to identify a physically living person through the data. Recitial 26 of the GDPR mentions that GDPR is not applicable on anonymised information.
Personal data are for example the following:
- telephone number,
- profile pictures,
- e-mail addresses
- social security numbers
Information that canrelate to an identified or identifiable natural person, and that can be attributed to the individual indirectly, is also a personal data.
If the personal data is anonymised, the processing of such information does not have to comply with the GDPR. In order for data to be anonymised, it must no longer be possible to identify the person to whom the data belongs. When data is anonymous, it is only “data” and no longer considered as a “personal data”.
Anonymised information is not covered by the GDPR
Encrypted messages can also be personal data. If it is possible for someone to make the data readable and identify people, for instance. For example, if a company has a list of registered “user-ID:s” with links to more personal data. Such as, for instance, the users e-mail address.
GDPR does not regulate information that is anonymous and that therefore cannot identify a natural person. This applies to both personal data that has been anonymised, and data that has never been able to identify an individual.
Many people also believe that an organization number belonging to a limited company is personal information, but it is not. GDPR does not apply for information thatidentify legal persons. Such as, for example, company registration number or postal address.