Personal data irreversibly transformed so that the individual cannot be identified by any means whatsoever.
Anonymised data is personal data that has been irreversibly altered such that the Data Principal is not identifiable, considering all reasonably available means. Once data is truly anonymised, it falls outside the scope of DPDPA — the Act no longer applies to it. The anonymisation must be irreversible; if there is any reasonable possibility of re-identification, the data remains personal data subject to full DPDPA obligations.
Properly anonymised data is exempt from DPDPA. This means you can use it freely for analytics, AI training, and research without consent obligations. However, the bar for true anonymisation is extremely high.
A Jaipur analytics startup aggregates transaction data from 50,000 users into statistical trends with no individual-level granularity. If no user can be re-identified from the aggregate — even when combined with external datasets — this anonymised output is outside DPDPA scope.
Removing names and email addresses is NOT anonymisation. If records can be re-identified through combinations of age, location, and purchase history, the data remains personal data under DPDPA.