Procurement anonymization is the removal of personal data from purchasing files. Once the result is truly anonymous, it is no longer personal data under GDPR Recital 26. anonym.plus does this on a local EU device and keeps the spend detail usable.
When this applies
Purchasing files name buyers, supplier contacts, and approvers. To study spend patterns or share with analysts, you can anonymize them and drop the GDPR burden.
How anonym.plus handles it
- Open the file in anonym.plus on a local EU device.
- Local OCR reads scanned invoices and orders.
- It flags buyer, supplier, and approver names plus contacts.
- Turn the reversible map off so no key is kept.
- Swap each person for a non-reversible label.
- Save the result. The source never leaves your machine.
What you need to provide
- The file (CSV, PDF, DOCX, or invoice scan).
- Replace, with the map off for full anonymity.
- Optional allow-list for SKU and contract codes.
PHI entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Buyer | PERSON | buyer N. Roth → [BUYER] |
| Supplier | PERSON | rep L. Conti → [CONTACT] |
| Organization | ORGANIZATION | MedSupply GmbH → [VENDOR] |
| Contact | EMAIL_ADDRESS | l.conti@example.com → [EMAIL] |
| Contact | PHONE_NUMBER | +39 02 555 110 → [PHONE] |
| Identifiers | ID | approver login nroth → [USERNAME] |
Compliance achieved
- True anonymity puts the file outside scope by GDPR Recital 26.
- Clears buyer, supplier, and approver personal data.
- On-device work supports EU data residency.
Anonymize procurement records offline — see plans & start free →
Limitations & cautions
Spend figures are usually safe, but a rare line item plus one named supplier can re-identify a contact after names go. Weigh the residual risk and keep no key before you treat the result as anonymous.
Frequently asked questions
Is purchasing data personal data?
Buyer and contact names are personal data under GDPR. Spend figures are not, on their own. Making the file anonymous lifts the duties for a second use.
Anonymous or pseudonymous?
Keep a re-link key and it is pseudonymous, still in scope. Turn the key off and, with low residual risk, Recital 26 takes it out of scope.
Can I keep the SKU codes?
Yes. SKU and contract codes sit on an allow-list, so the spend detail is intact.