Chances and Limitations of Personal and Anonymized Data Processing

Article 32 GDPR regulates the obligation to implement appropriate technical and organizational measures whenever personal data is being processed. In this paper, we want to link questions arising from taking appropriate technical and organizational measures with considering the chances and limitations of both, personal and anonymized data processing and the potential added value of personal and anonymized data exchange within a smart city context. We demonstrate the link through a legal analysis and 30 structured interviews with smart city participants.