Anonymisation of personal data

Guidance on the anonymisation of personal data and when and how to do it.

What is anonymisation?

Anonymisation is the complete and irreversible removal of any information that could lead to an individual being identified, either from the removed information itself or this information combined with other data held by the University.

When should I anonymise information?

Data protection law regulates the handling of "personal data", which is information about living, identifiable individuals. It is good data protection practice to limit the number of people who have access to personal data. In some cases, this can be done by anonymising the information. In particular, when personal data is to be shown to a wider audience, it will in most circumstances be appropriate to anonymise it.

Example scenario 1

Student Systems have set retention times for all student records they keep. Once that retention time is over, they can delete the names, addresses and matriculation numbers from the records. If there is no way for individual students to be identified through other means (for example, by being the only female student in a class of 5), then they can retain the anonymised data sets for statistical analyses.

How can I be sure that I have completely anonymised information?

Anonymised data means that all identifiers have been irreversibly removed and data subjects are no longer identifiable in any way.

Information is fully anonymised if there are at least 3-5 individuals to whom the information could refer. For example, if your data relates to an individual of a specific gender and ethnicity living at a certain postcode you can increase the number of people to whom it could refer by only using the first 3 digits of the postcode.
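The group-size check described above can be automated before a dataset is released. The following is an added example, not part of the original guidance: the sample records are constructed, the threshold uses the lower bound of the 3-5 range, and "first 3 digits" is taken to mean the first three characters of the postcode.

```python
from collections import Counter

# Constructed sample records: (gender, ethnicity, postcode). Not real data.
RECORDS = [
    ("F", "A", "EH8 9YL"),
    ("F", "A", "EH8 9AB"),
    ("F", "A", "EH8 9JZ"),
    ("M", "B", "EH9 3JT"),
    ("M", "B", "EH9 3FD"),
    ("M", "B", "EH9 1PR"),
    ("M", "B", "EH9 2QQ"),
    ("F", "B", "EH9 1AA"),  # stays unique even after the postcode is shortened
]

K_MIN = 3  # assumption: lower bound of the "3-5 individuals" rule in the text


def generalise(records, keep=3):
    """Shorten every postcode to its first `keep` characters."""
    return [(g, e, pc.replace(" ", "")[:keep]) for g, e, pc in records]


def group_sizes(records):
    """Count how many records share each combination of attributes."""
    return Counter(records)


def at_risk(records, k=K_MIN):
    """Attribute combinations that fewer than k records share."""
    return sorted(c for c, n in group_sizes(records).items() if n < k)


if __name__ == "__main__":
    print("before:", len(at_risk(RECORDS)), "combinations below threshold")
    shortened = generalise(RECORDS)
    for combo, n in sorted(group_sizes(shortened).items()):
        status = "ok" if n >= K_MIN else "still identifiable"
        print(combo, n, status)
```

The last record shows the same problem as the only female student in a class of 5: shortening the postcode is not enough on its own, so that row needs further generalisation or removal before the data set can be treated as anonymised.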

Is anonymised information still 'personal data'?

No, if the information has been fully anonymised it is not personal data and therefore not covered by the Data Protection Act.

What do I do if I can't fully anonymise information?

Full anonymisation is often difficult to attain. In most cases the information can only be partially anonymised and therefore will still be subject to data protection legislation. If you can't fully anonymise information it is still good practice to partially anonymise it as this limits the ability to identify people.

Example scenario

If you remove people's names from a dataset about University students, but leave their matriculation number, the information has not been anonymised, as it is still possible to identify the people concerned. However, it will be more difficult for the people working with the dataset to identify them.

Partial anonymisation and pseudonymisation

Full anonymisation is often difficult to attain and, for research, often not desirable. In most cases the information can only be partially anonymised and therefore will still be subject to data protection legislation. If you can't fully anonymise information, it is still good practice to partially anonymise it, as this limits the ability to identify people, or to pseudonymise it.

Pseudonymisation is a privacy-enhancing technique; it is a process rendering data neither completely anonymous nor directly identifying. With pseudonymisation you separate personal data from direct identifiers so that linkage to an identity is no longer possible without the additional information that is held separately. It is important to note that pseudonymised data is not exempt from data protection legislation.

If you pseudonymise a research dataset by keeping the data and the identifiers separate and send the pseudonymised data to another University without also sending the identifiers, then the other University will process anonymised data. You, however, will still process personal data as you can still at any time re-identify individuals.
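The separation described above, as an added example that is not part of the original guidance: the student rows, field names and function names are constructed for illustration. The pseudonym is a random token rather than a value derived from the matriculation number, so it cannot be reversed by working through possible matriculation numbers.

```python
import secrets

# Constructed sample rows; names and matriculation numbers are made up.
STUDENTS = [
    {"name": "Student One", "matric": "s0000001", "course": "History", "mark": 64},
    {"name": "Student Two", "matric": "s0000002", "course": "Physics", "mark": 71},
    {"name": "Student Three", "matric": "s0000003", "course": "History", "mark": 58},
]

DIRECT_IDENTIFIERS = ("name", "matric")  # assumption: fields that identify directly


def pseudonymise(rows, identifiers=DIRECT_IDENTIFIERS):
    """Split rows into (data that can be sent, key table that is held back)."""
    shareable, key_table = [], {}
    for row in rows:
        pseudonym = secrets.token_hex(8)  # random, unrelated to the identifiers
        key_table[pseudonym] = {f: row[f] for f in identifiers}
        data = {f: v for f, v in row.items() if f not in identifiers}
        shareable.append({"pseudonym": pseudonym, **data})
    return shareable, key_table


def reidentify(record, key_table):
    """Only whoever holds the key table can link a record back to a person."""
    return {**key_table[record["pseudonym"]], **record}


def leaked_identifiers(rows, identifiers=DIRECT_IDENTIFIERS):
    """Pre-send check: which direct identifier fields are still present?"""
    return sorted({f for row in rows for f in row if f in identifiers})


if __name__ == "__main__":
    # Names removed but matriculation numbers left in: still identifiable.
    names_removed = [{f: v for f, v in r.items() if f != "name"} for r in STUDENTS]
    print("names removed only:", leaked_identifiers(names_removed))
    to_send, keep_here = pseudonymise(STUDENTS)
    print("pseudonymised:", leaked_identifiers(to_send), to_send[0])
    print("re-identified by key holder:", reidentify(to_send[0], keep_here))
```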

Example scenario 1

If you remove people's names from a dataset about University students, but leave their matriculation number, the information has not been anonymised, as it is still possible to identify the people concerned. However, it will be more difficult for the people working with the dataset to identify them.

Example scenario 2

You are working on a research project that involves data about people. Not everyone involved in the project may need to know the identity of the research subjects. If you are giving a presentation about the research, it is extremely unlikely that the identity of the subjects, or information that could lead to them being identified, is necessary for the presentation.

More guidance

The Information Commissioner's Office (ICO) has produced a Code of Practice on Anonymisation which provides detailed guidance. Please download this through the following link:

ICO Code of Practice on Anonymisation

Please note that this guidance was produced prior to the implementation of the General Data Protection Regulation and the Data Protection Act 2018. The ICO are producing new guidance on anonymisation and pseudonymisation but many of the same principles apply in this existing guidance.

About this guidance

Version | Author/Editor | Date | Edits made
3 | Records Management Section | June 2018 |
4 | Data Protection Officer | December 2018 | Updates due to changes in data protection law