Came across this article that has particular implications for GDPR and what we consider treating as PII and how careful we need to be what gets exposed.
Quote from the article "...Our results suggest that even heavily sampled anonymized datasets are unlikely to satisfy the modern standards for anonymization set forth by GDPR and seriously challenge the technical and legal adequacy of the de-identification release-and-forget model ... "
For those interested - the math is also published.
The implications are far reaching. The extent to what we classify as identifying data is significantly increased. The physical separation (separate satellite) that is the standard practice, becomes even more important to prevent accidental exposure and more.
Would be interested to what degree and lengths you are going to deliver on these privacy concerns.