General Data Protection Regulation (GDPR)
Table of Contents
Chapter I – General provisions
Chapter II – Principles
Chapter III – Rights of the data subject
Chapter IV – Section 4
Chapter V – Section 5
Chapter VI – Independent supervisory authorities
Chapter VII – Cooperation and consistency
Chapter VIII – Remedies, liability and penalties
Chapter IX – Provisions relating to specific processing situations
Chapter X – Delegated acts and implementing acts
Chapter XI – Final provisions
Recitals (173)
Recital 26
(26) The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly. To ascertain whether means are reasonably likely to be used to identify the natural person, account should be taken of all objective factors, such as the costs of and the amount of time required for identification, taking into consideration the available technology at the time of the processing and technological developments. The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.