CNIL on amonymization (2020, blog post)

including e.g. (via Google Translate)
If these three criteria are not fully met, the data controller who wishes to anonymize a data set must demonstrate, via an in-depth assessment of the identification risks, that the risk of re-identification with reasonable means is zero.

As anonymization and re-identification techniques are subject to regular changes, it is essential for any data controller concerned to carry out regular monitoring to preserve the anonymity of the data produced over time. This watch must take into account the technical means available as well as the other sources of data which can allow to lift the anonymity of the information.

Data deletion concepts (Datenlöschkonzepte) – in German

Corresponding SDM-Baustein (in German):

Context on DIN 66398

Web site on the related German DIN 66398 standard

Link to the free preview version

Article by the editor


Example Vorlage Löschkonzept (googled..)