Anonymisation of Personal Data

Data is at the heart of the digital transformation. The exchange of personal data between public and private entities is steadily increasing. The European Data Strategy is intended to help the EU take a leading role in the international competition for data-driven business models. 

At the end of 2022, a team led by Prof. Dr. Rolf Schwartmann from the Research Centre for Media Law at Cologne University of Applied Sciences and the Gesellschaft für Datenschutz und Datensicherheit (GDD) e.V. (Society for Data Protection and Data Security) was commissioned by the Stiftung Datenschutz (Data Protection Foundation) to draw up a set of basic rules for the anonymisation of personal data.

Practice Guide and Basic Rules

These rules are based on the "Practical Guide to Anonymising Personal Data" and are intended as a generally applicable set of rules. Associations or other organisations representing data processors may develop general or sector-specific codes of conduct based on these principles to govern the anonymisation of personal data. 

These principles apply to controllers and processors, regardless of industry or sector, when they anonymise personal data and regardless of the internal organisation and division of tasks of the controller or processor. Controllers or processors working with anonymised data are encouraged to apply these rules to demonstrate that the data used have been anonymised in accordance with the rules defined here and that re-identification is unlikely during the period of use. 

The rules are accompanied by a practical guide.