One of the major regulatory factors for health informatics is data privacy protection. In the European Union, a shared set of laws has been implemented – the General Data Protection Regulation. While this set of rules aims at harmonizing the European data privacy protection standards, it fails in properly detailing the handling of anonymized data. This is a problem, as, for example many current research initiatives aim at reusing patient data collected within primary care, but lack a patient consent, hence, might rely on anonymized data as being the only alternative. Within this work, we detail different aspects why the concept of anonymity is wrongly handled within the GDPR and give suggestions how the laws could be adapted.