re-identifying anonymized data
If it can be re-identified, then it hasn't been properly anonymized in the first place.
The fine should be on the organisation that claims to have anonymized the data for failing to do so, not on the person who did the de-anonymization.