20.
(1) A data subject may request a data controller or data processor to process their personal data anonymously or pseudonymously where the data subject wishes—
(a) not to be identified;
(b) to avoid subsequent contact such as direct marketing from an entity or third parties;
(c) to enhance their privacy on the whereabouts of a data subject;
(d) to access services such as counselling or health services without it becoming known to others;
(e) to express views in a public arena without being personally identified; or
(f) to minimise the risk of identity fraud.
(3) A data controller or data processor may accede to the request where satisfied that the request is based on any of the reasons specified under sub-regulation (1) and where the request is in the best interests of the data subject.