While there is tendency to publicly acclaim GDPR as a wonderful advancement, the sad truth is that EU operators now need sophisticated techniques to extract at least part of the knowledge that is freely available in other Countries. One of the main tools is Data Anonymization. Full anonymization amounts to data destruction. But there are levels. What is actually required to be compliant? How different situations require different anonymization levels? How to measure?