The name, address, and full postcode must be removed, together with any other information which, in conjunction with other data held by or disclosed to the recipient, could identify the patient.
More precisely, that data must be processed in such a way that it can no longer be used to identify a natural person by using “all the means likely reasonably to be used” by either the controller or a third party.
Reference is made to codes of conduct as a tool to set out possible anonymisation mechanisms as well as retention in a form in which identification of the data subject is “no longer possible”.
[5] There are five types of data anonymization operations: generalization, suppression, anatomization, permutation, and perturbation.
[8] Research by data scientists at Imperial College in London and UCLouvain in Belgium,[9] as well as a ruling by Judge Michal Agmon-Gonen of the Tel Aviv District Court,[10] highlight the shortcomings of "Anonymisation" in today's big data world.