Anonymisation is irreversibly transforming data so that a person can no longer be identified from it, by anyone, by any reasonably likely means. Truly anonymised data falls outside data-protection law, because it is no longer personal data — which makes anonymisation a powerful tool, but a demanding one, because the bar is genuine irreversibility, not just hiding the obvious. In surveillance it underlies privacy-preserving analytics: counting people or measuring dwell time from aggregate patterns without ever identifying individuals.
It must be distinguished sharply from pseudonymisation. Pseudonymisation replaces identifiers with a key or reference (a track ID instead of a name) but can be reversed with additional information, so pseudonymised data is still personal data and still regulated — useful for minimisation, but not an exit from the law. Anonymisation, done properly, cannot be reversed; the EDPB has stressed that the test is whether re-identification is reasonably possible, including by linking with other data.
The pitfall is calling something anonymised when it is only obscured. Video is unusually hard to anonymise: a blurred face can sometimes be reconstructed, and gait, clothing, context, and movement can re-identify a person even without a clear face — so "we blurred the faces" is not automatically anonymisation. Treat reversible masking and pseudonymous tracking as still-personal data subject to the full regime, reserve the "anonymised" label for outputs you can defend as genuinely irreversible (typically aggregate statistics, not video), and verify the re-identification risk honestly. This is engineering guidance, not legal advice — confirm specifics with qualified counsel.
