🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Article 11 of the GDPR: Processing not requiring identification

Home GDPR articles decrypted Article 11 of the GDPR: Processing not requiring identification
L’Article 11 of the GDPR addresses cases where a data processing does not require the identification of the data subject. It clarifies the obligations of the data controller in these particular situations, in particular with regard to the exercise of individuals' rights.

Article 11 of the GDPR explained

Article 11 provides that if processing does not require the identification of the data subject:

  • The data controller is not required to collect additional information to identify the person solely to enable the exercise of rights (access, rectification, etc.).
  • However, if the person provides additional identifying information, their rights must be respected.

This system is useful in particular for anonymous or pseudonymous processing, when the purpose does not require knowing the precise identity of the individual.

Why is this article important for your GDPR compliance?

It allows you to limit obligations in certain low-risk treatments, while guaranteeing a certain flexibility. It is part of a logic of data minimization, fundamental pillar of the GDPR.

How to comply with Article 11 of the GDPR?

  • Check if the person's identification is really necessary for your processing purposes.
  • If you do not directly identify individuals, indicate this in your privacy policy.
  • Provide a mechanism for people to identify yourself voluntarily if they wish to exercise their rights.
  • Maintain clear documentation of these choices and their rationale.

Examples of application of Article 11 of the GDPR

  • An anonymous statistical analysis site does not store any data allowing users to be identified: it is not required to respond to access requests.
  • A company offers a completely anonymous survey: as long as no data identifies respondents, Article 11 applies.
  • If an anonymous user of a service provides information to gain recognition, then their rights must be activated.

Related Resources

Accelerate your compliance in just a few clicks

With our all-in-one solution, you can accelerate and ensure compliance easily:

  • Automate your compliance with our GDPR software
  • Supported or outsourced by our DPO experts
  • Raise awareness among your teams with our GDPR training e-learning

👉 Request a demo with an expert

⚡ Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis.
👉 GDPR: Self-assess now

Other articles
on the same subject