Anonymization is the irreversible removal or alteration of personal identifiers in a dataset so that identification of the data subject is no longer possible, even with additional knowledge. Anonymized data is no longer subject to the GDPR.
In an ISMS context, anonymization is relevant to ISO 27001 Annex A control A.8.11 (Data Masking) and plays a role in protecting personal data in test environments, analytics, and data sharing with third parties. The key distinction is from pseudonymization: pseudonymization allows re-identification in principle, while anonymization by definition does not. Techniques include k-anonymity, differential privacy, and removal of indirect identifiers (quasi-identifiers).