Third-party redaction is the removal of other people's PII from a DSAR pack. GDPR Art. 15(4) says a copy must not adversely affect the rights of others. anonym.plus marks that data on your device, so you balance access against their privacy.
When this applies
A subject asks for their file, but it names co-workers, witnesses, and other clients. Art. 15(4) means their PII cannot ride along in the disclosure.
How anonym.plus handles it
- Open the subject's file in anonym.plus on your device.
- The tool scans for every name, contact, and ID in the text.
- Tell it which identity is the subject's own.
- Mark all other people's PII for removal.
- Black out or swap each one, then check the balance.
- Save the clean copy on your machine.
What you need to provide
- The subject's file (PDF, DOCX, TXT, email export, or scan).
- An operator: Redact for full removal of others' details.
- An allow-list holding the subject's own identifiers.
PII entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Names | PERSON | co-worker Lena Voss → [PERSON] |
| Contact | EMAIL_ADDRESS | l.voss@example.com → [EMAIL] |
| Contact | PHONE_NUMBER | 0151-555-0199 → [PHONE] |
| Identifiers | NATIONAL_ID | staff no. 44821 → [ID] |
| Location | LOCATION | home address → [ADDRESS] |
| Names | PERSON | witness J. Marek → [PERSON] |
Compliance achieved
- Meets the rights-of-others test in GDPR Art. 15(4).
- Keeps the subject's data while hiding everyone else's PII.
- Offline work means no third party sees the file at any step.
- 340+ PII entity types catch indirect clues, not just names.
Anonymize DSAR responses offline — see plans & start free →
Limitations & cautions
Art. 15(4) asks you to weigh access against others' rights. The tool flags candidate PII; the balance is yours to strike. A name alone may be fine to keep, or it may harm someone. Judge each case, then redact.
Frequently asked questions
What does Art. 15(4) actually require?
A copy of the data must not adversely affect the rights and freedoms of others. In practice you redact third-party PII unless disclosure is fair and reasonable.
Can I keep a colleague's name if it is harmless?
Sometimes. The balance is a legal judgment. anonym.plus flags the name so you can keep or remove it; it does not decide for you.
Will this catch indirect clues, not just names?
Yes. With 340+ entity types it flags emails, phones, IDs, and locations that point to a person even when no name appears.