Data anonymization and GDPR compliance: the case of Taxa 4x35 - GDPR.eu
<!DOCTYPE html><html lang=en-US class="no-js no-svg"><head><meta charset=UTF-8><meta name=viewport content="width=device-width, initial-scale=1.0"><link rel=profile href=http://gmpg.org/xfn/11><link type=text/css media=all href=https://gdpr.eu/wp-content/cache/autoptimize/css/autoptimize_5b670c3f41f6d1c9d284128a1816dcbc.css rel=stylesheet><title>Data anonymization and GDPR compliance: the case of Taxa 4x35 - GDPR.eu</title> <script>(function(d, s, id){ var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.6"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <meta name=description content="Studying the case of Taxa 4x35, a Danish taxi company, sheds light on how data protection agencies are enforcing GDPR requirements for data anonymization."><meta name=robots content="max-snippet:-1, max-image-preview:large, max-video-preview:-1"><link rel=canonical href=https://gdpr.eu/data-anonymization-taxa-4x35/ ><meta property=og:locale content=en_US><meta property=og:type content=article><meta property=og:title content="Data anonymization and GDPR compliance: the case of Taxa 4x35 - GDPR.eu"><meta property=og:description content="Studying the case of Taxa 4x35, a Danish taxi company, sheds light on how data protection agencies are enforcing GDPR requirements for data anonymization."><meta property=og:url content=https://gdpr.eu/data-anonymization-taxa-4x35/ ><meta property=og:site_name content=GDPR.eu><meta property=article:section content="News & Updates"><meta property=article:published_time content=2019-05-06T10:18:17+00:00><meta property=article:modified_time content=2023-09-14T15:42:36+00:00><meta property=og:updated_time content=2023-09-14T15:42:36+00:00><meta property=og:image content=https://gdpr.eu/wp-content/uploads/2019/05/gdpr-data-anonymization-IM-blog-cover.jpg><meta property=og:image:secure_url 
content=https://gdpr.eu/wp-content/uploads/2019/05/gdpr-data-anonymization-IM-blog-cover.jpg><meta property=og:image:width content=1920><meta property=og:image:height content=1080><meta name=twitter:card content=summary_large_image><meta name=twitter:description content="Studying the case of Taxa 4x35, a Danish taxi company, sheds light on how data protection agencies are enforcing GDPR requirements for data anonymization."><meta name=twitter:title content="Data anonymization and GDPR compliance: the case of Taxa 4x35 - GDPR.eu"><meta name=twitter:image content=https://gdpr.eu/wp-content/uploads/2019/05/gdpr-data-anonymization-IM-blog-cover.jpg> <script type=application/ld+json class='yoast-schema-graph yoast-schema-graph--main'>{"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://gdpr.eu/#organization","name":"GDPR.eu","url":"https://gdpr.eu/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https://gdpr.eu/#logo","url":"https://gdpr.eu/wp-content/uploads/2019/02/profile-pic-PH-gdpr.jpg","width":900,"height":900,"caption":"GDPR.eu"},"image":{"@id":"https://gdpr.eu/#logo"}},{"@type":"WebSite","@id":"https://gdpr.eu/#website","url":"https://gdpr.eu/","name":"GDPR.eu","publisher":{"@id":"https://gdpr.eu/#organization"},"potentialAction":{"@type":"SearchAction","target":"https://gdpr.eu/?s={search_term_string}","query-input":"required name=search_term_string"}},{"@type":"ImageObject","@id":"https://gdpr.eu/data-anonymization-taxa-4x35/#primaryimage","url":"https://gdpr.eu/wp-content/uploads/2019/05/gdpr-data-anonymization-IM-blog-cover.jpg","width":1920,"height":1080,"caption":"data anonymization GDPR"},{"@type":"WebPage","@id":"https://gdpr.eu/data-anonymization-taxa-4x35/#webpage","url":"https://gdpr.eu/data-anonymization-taxa-4x35/","inLanguage":"en-US","name":"Data anonymization and GDPR compliance: the case of Taxa 4x35 - 
GDPR.eu","isPartOf":{"@id":"https://gdpr.eu/#website"},"primaryImageOfPage":{"@id":"https://gdpr.eu/data-anonymization-taxa-4x35/#primaryimage"},"datePublished":"2019-05-06T10:18:17+00:00","dateModified":"2023-09-14T15:42:36+00:00","description":"Studying the case of Taxa 4x35, a Danish taxi company, sheds light on how data protection agencies are enforcing GDPR requirements for data anonymization."},{"@type":"Article","@id":"https://gdpr.eu/data-anonymization-taxa-4x35/#article","isPartOf":{"@id":"https://gdpr.eu/data-anonymization-taxa-4x35/#webpage"},"author":{"@id":"https://gdpr.eu/#/schema/person/5cd2d5241f0b12376f50ab9f841b2eac"},"headline":"Data anonymization and GDPR compliance: the case of Taxa 4×35","datePublished":"2019-05-06T10:18:17+00:00","dateModified":"2023-09-14T15:42:36+00:00","commentCount":0,"mainEntityOfPage":{"@id":"https://gdpr.eu/data-anonymization-taxa-4x35/#webpage"},"publisher":{"@id":"https://gdpr.eu/#organization"},"image":{"@id":"https://gdpr.eu/data-anonymization-taxa-4x35/#primaryimage"},"articleSection":"News & Updates"},{"@type":["Person"],"@id":"https://gdpr.eu/#/schema/person/5cd2d5241f0b12376f50ab9f841b2eac","name":"Richie Koch","image":{"@type":"ImageObject","@id":"https://gdpr.eu/#authorlogo","url":"https://secure.gravatar.com/avatar/08db9693a2296708cd4d5a8f614cf370?s=96&d=mm&r=g","caption":"Richie Koch"},"description":"Prior to joining Proton VPN, Richie spent several years working on tech solutions in the developing world. As a senior editor at Latterly magazine, he covered international human rights stories. 
He joined Proton VPN to advance the rights of online privacy and freedom.","sameAs":[]}]}</script> <link rel=dns-prefetch href=//ws.sharethis.com><link rel=dns-prefetch href=//cdn.jsdelivr.net><link rel=dns-prefetch href=//maxcdn.bootstrapcdn.com><link rel=dns-prefetch href=//fonts.googleapis.com><link rel=dns-prefetch href=//use.fontawesome.com><link rel=dns-prefetch href=//s.w.org><link rel=alternate type=application/rss+xml title="GDPR.eu » Feed" href=https://gdpr.eu/feed/ ><link rel=alternate type=application/rss+xml title="GDPR.eu » Comments Feed" href=https://gdpr.eu/comments/feed/ ><link rel=alternate type=application/rss+xml title="GDPR.eu » Data anonymization and GDPR compliance: the case of Taxa 4×35 Comments Feed" href=https://gdpr.eu/data-anonymization-taxa-4x35/feed/ > <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/gdpr.eu\/wp-includes\/js\/wp-emoji-release.min.js?ver=8c03ada028d9ba4936249699216631ae"}}; !function(e,a,t){var n,r,o,i=a.createElement("canvas"),p=i.getContext&&i.getContext("2d");function s(e,t){var a=String.fromCharCode;p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,e),0,0);e=i.toDataURL();return p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,t),0,0),e===i.toDataURL()}function c(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(o=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},r=0;r<o.length;r++)t.supports[o[r]]=function(e){if(!p||!p.fillText)return!1;switch(p.textBaseline="top",p.font="600 32px Arial",e){case"flag":return 
s([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])?!1:!s([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!s([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!s([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}(o[r]),t.supports.everything=t.supports.everything&&t.supports[o[r]],"flag"!==o[r]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(n=t.source||{}).concatemoji?c(n.concatemoji):n.wpemoji&&n.twemoji&&(c(n.twemoji),c(n.wpemoji)))}(window,document,window._wpemojiSettings);</script> <style>img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 .07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; }</style><link rel=stylesheet id=simple-share-buttons-adder-font-awesome-css href='//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8c03ada028d9ba4936249699216631ae' type=text/css media=all><link rel=stylesheet id=opensans-css href='https://fonts.googleapis.com/css?family=Open+Sans' type=text/css media=all><link rel=stylesheet id=font-awesome-css href=https://use.fontawesome.com/releases/v5.1.1/css/all.css type=text/css media=all> <script 
src="https://gdpr.eu/wp-content/cache/minify/c7035.js"></script> <script id=st_insights_js src='https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare'></script> <link rel=https://api.w.org/ href=https://gdpr.eu/wp-json/ ><link rel=EditURI type=application/rsd+xml title=RSD href=https://gdpr.eu/xmlrpc.php?rsd><link rel=wlwmanifest type=application/wlwmanifest+xml href=https://gdpr.eu/wp-includes/wlwmanifest.xml><link rel=shortlink href='https://gdpr.eu/?p=10471'><link rel=alternate type=application/json+oembed href="https://gdpr.eu/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fgdpr.eu%2Fdata-anonymization-taxa-4x35%2F"><link rel=alternate type=text/xml+oembed href="https://gdpr.eu/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fgdpr.eu%2Fdata-anonymization-taxa-4x35%2F&format=xml"><link rel="shortcut icon" href=https://gdpr.eu/wp-content/themes/gdpr/assets/favicon.ico><link rel=apple-touch-icon sizes=57x57 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-57x57.png><link rel=apple-touch-icon sizes=60x60 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-60x60.png><link rel=apple-touch-icon sizes=72x72 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-72x72.png><link rel=apple-touch-icon sizes=76x76 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-76x76.png><link rel=apple-touch-icon sizes=114x114 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-114x114.png><link rel=apple-touch-icon sizes=120x120 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-120x120.png><link rel=apple-touch-icon sizes=144x144 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-144x144.png><link rel=apple-touch-icon sizes=152x152 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-152x152.png><link rel=apple-touch-icon sizes=180x180 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-180x180.png><link rel=icon type=image/png sizes=192x192 
href=https://gdpr.eu/wp-content/themes/gdpr/assets/android-icon-192x192.png><link rel=icon type=image/png sizes=32x32 href=https://gdpr.eu/wp-content/themes/gdpr/assets/favicon-32x32.png><link rel=icon type=image/png sizes=96x96 href=https://gdpr.eu/wp-content/themes/gdpr/assets/favicon-96x96.png><link rel=icon type=image/png sizes=16x16 href=https://gdpr.eu/wp-content/themes/gdpr/assets/favicon-16x16.png><link rel=manifest href=https://gdpr.eu/wp-content/themes/gdpr/assets/manifest.json><meta name=msapplication-TileColor content=#ffffff><meta name=msapplication-TileImage content=https://gdpr.eu/wp-content/themes/gdpr/assets/ms-icon-144x144.png><meta name=theme-color content=#ffffff><style>.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style></head><body class="post-template-default single single-post postid-10471 single-format-standard cookies-not-set"><div id=wrapper><div id=main><div id=primary class="content-area one-column"><div id=content class=site-content><div class=post-main-box><div class=featured-image style="background-image: 
url(https://gdpr.eu/wp-content/uploads/2019/05/gdpr-data-anonymization-IM-blog-cover.jpg); "> <em></em><div class=container><div class=container><h1>Data anonymization and GDPR compliance: the case of Taxa 4×35</h1> <i></i></div></div></div><div class=container><div class=post-detail-box><div class=container><div class=row><div class="col-xl-8 col-lg-12 single-content"><h3>The Danish taxi service Taxa 4×35 faces a 1.2 million kroner fine (roughly €160,000) for not deleting or anonymizing its users’ data. Studying this example sheds light on how data protection agencies are enforcing GDPR requirements for data anonymization.</h3><p>Taxa 4×35 is a Danish service that allows its users to hail cabs in Copenhagen with an app, similar to Uber. When a user hails a taxi, the Taxa system collects an assortment of data, including the customer’s name, telephone number, the date of the trip, the start and end time of the trip, the number of kilometers driven, the payment, the GPS coordinates of the beginning and end of the trip, as well as the written address and other coordinates. Taxa 4×35 then links this data to the user’s tax information to ensure that the proper amount of tax is collected. <br></p><p>In October of 2018, the Danish data protection agency, <a href=https://www.datatilsynet.dk/ >Datatilsynet</a>, found that Taxa had kept the data from nearly 9 million taxi rides for five years, long after it was no longer needed. 
This hoarding of records goes against <a href=https://gdpr.eu/article-5-how-to-process-personal-data/ >Article 5</a> of the EU’s General Data Protection Regulation, which states that personal data shall be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed,” and “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.” <br></p><p>Taxa 4×35’s management thought they were exempt from these two sections of Article 5, which represent the principles of data minimization and storage limitation, because they were anonymizing the data by deleting the names associated with the trip records from their database after two years. (The remaining data was then deleted after five years.) Datatilsynet found this attempt at data anonymization to be inadequate, pointing out that even without the user’s name, Taxa 4×35 still had enough personal information to identify an individual. The agency concluded that “Information about the customer’s taxi rides (including collection and delivery addresses) can therefore still be attributed to a natural person via the telephone number, which is only deleted after five years.”<br></p><p>You can read the full Datatilsynet statement on Taxa 4×35 <a href=https://www.datatilsynet.dk/tilsyn-og-afgoerelser/afgoerelser/2019/mar/tilsyn-med-taxa-4x35s-behandling-af-personoplysninger/ >here</a>. (In Danish)</p><h3>GDPR requirements for data anonymization</h3><p>The GDPR draws critical distinctions between <a href=https://gdpr.eu/eu-gdpr-personal-data/ >personal data</a>, pseudonymized data, and anonymized data. Taxa 4×35’s reasoning that anonymized data can be used much longer than personal data was correct. 
According to <a href=https://gdpr.eu/recital-26-not-applicable-to-anonymous-data/ >Recital 26</a>, “The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.”<br></p><p>However, Taxa 4×35 failed to meet the high standard that the GDPR sets for data anonymization. Earlier in Recital 26, it states that not only must an organization consider whether it can identify an individual using the data it has within its database, but it must also consider:</p><blockquote class=wp-block-quote><p>all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly. To ascertain whether means are reasonably likely to be used to identify the natural person, account should be taken of all objective factors, such as the costs of and the amount of time required for identification, taking into consideration the available technology at the time of the processing and technological developments.</p></blockquote><p>Since it is relatively easy to look up a phone number and match it to an individual, the Taxa dataset is not anonymous. 
Because the records are not anonymous, they are still subject to the full protections listed in the GDPR, which means that Taxa 4×35 should have deleted the data after two years and had documentation to prove it.</p><p><strong>True data anonymization</strong></p><p>Effective data anonymization is made up of two parts:<br></p><ul><li>It is irreversible.</li><li>It is done in such a way that it is impossible (or extremely impractical) to identify the data subject.</li></ul><p>In <a href=https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf>WP 216</a>, the Article 29 Working Party examined several different methods of data anonymization and clarified what measures data processors and controllers have to take. They specifically say that “removing directly identifying elements in itself is not enough to ensure that identification of the data subject is no longer possible. It will often be necessary to take additional measures to prevent identification, once again depending on the context and purposes of the processing for which the anonymised data are intended.”<br></p><p>In the Taxa 4×35 example, their justification for maintaining their database for five years was business development. In this case, they could have made accurate models of when and where they needed drivers and anonymized their data by deleting all other data besides the date of the trip, the start and end time of the trip, the number of kilometers driven, and the GPS coordinates of the beginning and end of the trip. Then, they could have grouped this data by day or location rather than by account. The grouping step is essential: a single trip record with exact pick-up and drop-off coordinates and times can single out a person by itself (for example, a ride that starts at a home address), so trip-level records can remain personal data even without a name or phone number. This would have allowed Taxa to identify geographic hot spots and rush hours for its drivers, but would not allow it to identify individual data subjects.</p><h3>Conclusion</h3><p>The GDPR aims to give individuals control over their personal data, not to prevent companies and organizations from reaping the benefits that analyzing big data can offer. 
By fully understanding the GDPR requirements regarding the anonymization of data, organizations can continue to process data and reduce their exposure to GDPR fines. Taxa 4×35 made a half-hearted attempt to anonymize its data, and it was caught.</p><p>The GDPR has many requirements for how personal data should be handled. It can be daunting, but we made this website to help businesses with the basics of GDPR compliance. See our<a href=https://gdpr.eu/checklist/ > GDPR checklist</a> and <a href=https://gdpr.eu/what-is-gdpr/ >overview</a> of the law to get started.</p><div class=rp4wp-related-posts><h3>Related Posts</h3><ul><li><div class=rp4wp-related-post-content> <a href=https://gdpr.eu/article-50-countries-outside-of-europe-cooperation/ >Art. 50 GDPR - International cooperation for the protection of personal data</a></div></li><li><div class=rp4wp-related-post-content> <a href=https://gdpr.eu/compliance/ >Everything you need to know about GDPR compliance</a></div></li><li><div class=rp4wp-related-post-content> <a href=https://gdpr.eu/article-34-communication-of-a-personal-data-breach/ >Art. 
34 GDPR - Communication of a personal data breach to the data subject</a></div></li></ul></div></div></div></div></div><div class=post-author-details-box> <span class=author-intials><img 
src=https://gdpr.eu/wp-content/uploads/2019/01/richie.gif style=' height: 100%; max-width: initial !important;'></span><div class=post-author-details><h6>Richie Koch</h6> <span>Managing Editor, GDPR EU</span><p>Prior to joining Proton VPN, Richie spent several years working on tech solutions in the developing world. As a senior editor at Latterly magazine, he covered international human rights stories. He joined Proton VPN to advance the rights of online privacy and freedom.</p></div></div></div></div></div></div></div><footer id=footer><div class=container><div class=post-author-details-box><div class=post-author-details><h6>About GDPR.EU</h6><p> </p><p>GDPR.EU is a website operated by Proton Technologies AG, which is co-funded by Project REP-791727-1 of the Horizon 2020 Framework Programme of the European Union. This is not an official EU Commission or Government resource. The europa.eu webpage concerning GDPR can be found <a href=https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en target=_blank>here</a>. 
Nothing found in this portal constitutes legal advice.</p></div></div><p class=copyright>© 2025 Proton AG. All Rights Reserved.</p></div></footer></div></body></html>