May 25, 2018. This was the date every company and organization had to be GDPR compliant. What we see two years later is that many organizations still struggle to comply with the GDPR rules. Important concepts in the GDPR context are anonymisation and pseudonymisation. As such none of them is mandatory under GDPR. Securing and protecting data however is mandatory, and both anonymisation and pseudonymisation are effective methods to do so and therefore they are strongly recommended.