General · Philterd

GDPR Personal Data Redaction

Redact personal data and special-category data as defined by the EU General Data Protection Regulation (GDPR) from documents and records.

View policy → Download JSON → View source on GitHub

v1.0.0 Updated 2026-06-08 Philter >=3.0.0 By Philterd

GDPREUpersonal datadata protectionArticle 4Article 9privacy

The policy

The full gdpr-personal-data.json file. The same content you’d get by downloading. Copy any part of it, or use the buttons in the hero to grab the whole file.

{
  "config": {
    "splitting": {
      "enabled": false,
      "threshold": 4000
    }
  },
  "ignored": [],
  "identifiers": {
    "person": {
      "phEyeFilterStrategies": [
        {
          "strategy": "REDACT",
          "redactionFormat": "{{{REDACTED-%t}}}",
          "condition": "confidence > 70"
        }
      ]
    },
    "date": {
      "onlyValidDates": true,
      "dateFilterStrategies": [
        {
          "strategy": "TRUNCATE_TO_YEAR",
          "condition": "context == \"birth\""
        }
      ]
    },
    "emailAddress": {
      "emailAddressFilterStrategies": [
        {
          "strategy": "REDACT",
          "redactionFormat": "{{{REDACTED-%t}}}"
        }
      ]
    },
    "phoneNumber": {
      "phoneNumberFilterStrategies": [
        {
          "strategy": "REDACT",
          "redactionFormat": "{{{REDACTED-%t}}}"
        }
      ]
    },
    "streetAddress": {
      "streetAddressFilterStrategies": [
        {
          "strategy": "REDACT",
          "redactionFormat": "{{{REDACTED-%t}}}"
        }
      ]
    },
    "ipAddress": {
      "ipAddressFilterStrategies": [
        {
          "strategy": "REDACT",
          "redactionFormat": "{{{REDACTED-%t}}}"
        }
      ]
    },
    "macAddress": {
      "macAddressFilterStrategies": [
        {
          "strategy": "REDACT",
          "redactionFormat": "{{{REDACTED-%t}}}"
        }
      ]
    },
    "ibanCode": {
      "ibanCodeFilterStrategies": [
        {
          "strategy": "MASK",
          "maskCharacter": "*",
          "maskLength": "SAME",
          "leaveCharacters": 4
        }
      ]
    },
    "creditCard": {
      "onlyValidCreditCardNumbers": true,
      "creditCardFilterStrategies": [
        {
          "strategy": "MASK",
          "maskCharacter": "*",
          "maskLength": "SAME",
          "leaveCharacters": 4
        }
      ]
    },
    "passportNumber": {
      "passportNumberFilterStrategies": [
        {
          "strategy": "REDACT",
          "redactionFormat": "{{{REDACTED-%t}}}"
        }
      ]
    },
    "driversLicense": {
      "driversLicenseFilterStrategies": [
        {
          "strategy": "REDACT",
          "redactionFormat": "{{{REDACTED-%t}}}"
        }
      ]
    },
    "medicalCondition": {
      "medicalConditionFilterStrategies": [
        {
          "strategy": "REDACT",
          "redactionFormat": "{{{REDACTED-%t}}}"
        }
      ]
    },
    "url": {
      "urlFilterStrategies": [
        {
          "strategy": "REDACT",
          "redactionFormat": "{{{REDACTED-%t}}}"
        }
      ]
    },
    "identifiers": [
      {
        "classification": "national-id",
        "pattern": "\\b(?:national insurance|NI|NINO|personnummer|BSN|NIF|NIE|codice fiscale|tax(?:payer)? id|TIN)[\\s:#]*[A-Z0-9][A-Z0-9 -]{5,}\\b",
        "caseSensitive": false,
        "identifierFilterStrategies": [
          {
            "strategy": "REDACT",
            "redactionFormat": "{{{REDACTED-NATIONAL-ID}}}"
          }
        ]
      },
      {
        "classification": "vat-number",
        "pattern": "\\b(?:VAT|VAT(?:IN|No))[\\s:#]*[A-Z]{2}[0-9A-Z]{2,12}\\b",
        "caseSensitive": false,
        "identifierFilterStrategies": [
          {
            "strategy": "REDACT",
            "redactionFormat": "{{{REDACTED-VAT}}}"
          }
        ]
      }
    ]
  }
}

Example

Input

Data subject Anna Müller (DOB 1985-04-12) lives at Hauptstraße 5, Berlin. Email anna.mueller@example.de, phone +49 30 123456. IBAN DE89370400440532013000. National Insurance NINO QQ123456C. Diagnosed with asthma.

Output

Data subject {{{REDACTED-person}}} (DOB 1985) lives at {{{REDACTED-streetAddress}}}, Berlin. Email {{{REDACTED-emailAddress}}}, phone {{{REDACTED-phoneNumber}}}. IBAN ****************3000. {{{REDACTED-NATIONAL-ID}}}. Diagnosed with {{{REDACTED-medicalCondition}}}.

Entities this policy acts on

NAMEDATEEMAILPHONEADDRESSIPMACIBANCREDIT_CARDPASSPORTLICENSEMEDICAL_CONDITIONURLNATIONAL_IDVAT

What this policy does

Removes personal data — any information relating to an identified or identifiable natural person under Article 4(1) of the GDPR — from documents and records, with extra attention to the special categories of personal data in Article 9 (which includes health data).

The GDPR’s definition of personal data is deliberately broad. It explicitly names online identifiers (IP addresses, device identifiers) alongside the traditional direct identifiers. This policy targets:

Names — redacted (confidence-gated)
Birthdates — truncated to year only when context indicates a birth date; other dates pass through
Email, phone, postal address — redacted
IP addresses and MAC addresses — redacted as Article 4 online identifiers
IBANs and credit card numbers — masked to last 4 visible
Passport and driver’s licence numbers — redacted
Health / medical conditions — redacted as Article 9 special-category data
URLs — redacted (may carry identifiers in query strings)
National identification numbers (NINO, BSN, personnummer, NIF/NIE, codice fiscale, TIN) — redacted
VAT numbers — redacted

When to use this

Transferring records to a processor or third country where a Data Processing Agreement requires minimising identifiable data
Responding to a Subject Access Request (SAR) where third parties’ personal data must be redacted from the disclosed copy
Sharing data for analytics or research under the GDPR’s data-minimisation principle (Article 5(1)(c))
Pseudonymisation workflows (Article 4(5)) where direct identifiers are stripped before further processing
Training or fine-tuning models on data that originated in the EU/EEA

When to customize

National ID formats. The default national-id pattern is keyword-anchored and intentionally broad to span member states. For a single jurisdiction, replace it with that country’s exact format (e.g. a precise UK NINO or Dutch BSN regex) to reduce false positives and negatives.
Name confidence threshold. Default redacts names above confidence 70. Lower it for higher recall (more aggressive redaction), raise it for higher precision.
Date of birth. Default truncates to year on birth context. For full pseudonymisation switch to REDACT; for age-band research, year is usually sufficient.
Special categories. Article 9 also covers racial/ethnic origin, political opinions, religious beliefs, trade-union membership, genetic and biometric data, and sexual orientation. Only health (medicalCondition) is detected automatically here; add custom identifiers or dictionaries for the other categories if your documents contain them.
Pseudonymisation vs anonymisation. Redaction alone may still leave indirectly-identifying data. True anonymisation (data outside GDPR scope) requires assessing re-identification risk across the whole record, not just removing these fields.

Compliance notes

Regulation (EU) 2016/679 (GDPR) — in force since 25 May 2018
Article 4 defines personal data, pseudonymisation, and online identifiers
Article 5 sets the data-minimisation and storage-limitation principles this policy supports
Article 9 governs special categories of personal data (health data is detected here)
UK GDPR + Data Protection Act 2018 mirror these definitions for the United Kingdom post-Brexit; this policy applies equally as a baseline
This policy is a baseline starting point, not a determination of lawful basis, and does not by itself achieve anonymisation under Recital 26. Always assess re-identification risk for your specific dataset.

References

Use this policy

Download and load into your running Philter instance:

# Download the policy
curl -O https://raw.githubusercontent.com/philterd/pii-redaction-policies/main/policies/philterd/general/gdpr-personal-data.json

# Upload to your Philter instance
curl -X POST http://localhost:8080/api/policies \
     -H "Content-Type: application/json" \
     --data @gdpr-personal-data.json

# Redact text using the policy
curl http://localhost:8080/api/filter?p=gdpr-personal-data \
     --data "your text here" \
     -H "Content-Type: text/plain"

No Philter instance yet? Deploy one in 5 minutes → · Want to tune this policy against your data? Talk to the team.

← All policies