Text description for figure 2 the way that you should implement this process

Consider your release model

The reason for releasing data will affect your disclosure because identifiability risk differs depending on the nature of that disclosure.

Remember:

publication to the world at large carries more risk (eg under freedom of information or the open government licence); and
disclosures to pre-defined recipients on discretion (eg for research purposes or in your own commercial interests) are easier to assess and control – but are not without risk.

Consider if personal data is involved.

If yes – people are identifiable from the data, or you’re not sure – the undertake your identifiability risk assessments and anonymisation processes.

Take into account

the costs of and time required for identification;
the possibility to link other data to allow identification of people
the available technology at the time of the processing
the anonymisation techniques available
the quality of the data after anonymisation has taken place (and whether this meets the needs of the organisation using the data); and
whether identification is reasonably likely to be attempted, how successfulany attempt may be, and who may undertake it, eg via the motivated intruder test.

If no, people are not identifiable from the data, then data protection law does not apply, if the disclosure does not include personal data.

Test their effectiveness

Test the data and your processes.

Document this (eg as part of a DPIA).

Is it still reasonable likely that a person is identifiable?

If yes, identifiability risk is too high.

If no, identifiability risk is sufficiently remote.

Consider making further adjustments and re-testing the data again.

If you cannot reduce the risk to a sufficiently remote level, do not disclose or publish unless the processing complies with data protection law (and any other relevant requirement).

Keep undertaking this process

Back to the guidance: "How do we ensure anonymisation is effective?"