The General Data Protection Regulation (GDPR) is a data protection law that applies to the processing of personal data of individuals in the European Union (EU) and the European Economic Area (EEA). Personal data is any information relating to an identified or identifiable natural person, such as name, address, email, phone number, etc12. The GDPR does not apply to personal data that is anonymized, meaning that it cannot be linked back to a specific individual12. Anonymization can be achieved by removing or masking any identifying information from the data, such as using pseudonyms, aggregating or generalizing the data, or applying statistical methods12.
Therefore, the type of data that lies beyond the scope of the GDPR is anonymized data.
Reference:
https://commission.europa.eu/law/law-topic/data-protection/reform/what-personal-data_en#:~:text=Different%20pieces%20of%20information%2C%20which,the%20scope%20of%20the%20GDPR. B. ANONYMIZED Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR. Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.