I really hope this isn't what is written...
"it will make re-identification of de-identified personal data unlawful"
If you can reidentify it then it wasn't de-identified (whatever that means).
Even ignoring that I suggest that we at least need an exception for research/security analysis - else you can't tell if you have actually anonymised the data.