> Bob is a metaphorical term for any part of the the data that is identifiable so if I change any part such as name, address, ip address, customer id etc.. then once I analyse the data it is no longer PII therefore it is not covered by the GDPR.
[I am not a lawyer, etc etc]
As I understand, anonymising a dataset by stripping out PII is fine and unlikely to go too badly wrong. What you've got to be more careful with is pseudo-anonymisation (eg. hashing your PII such that you can still distinguish 'entities') - this can still be considered PII.
Oh and also, I know it was metaphorical, but changing everyone's name to Bob would be a bad idea - there's probably a real Bob in there somewhere and you'd still have PII. Just remove the relevant PII fields entirely and you're golden.