"This can happen quite easily if multiple sources are cross-referenced."
Well yes, and what that tells you is that the GP's data, in the example you gave, was not, in fact, anonymous. It was personal. It contained information that could be used to identify the individual. The users of it were just claiming it to be anonymous to circumvent restrictions on handling personal data.
There's only one kind of anonymous data in my book, and that's data which is _impossible_ to convert back to personal data. Yes, that is a very high bar. If it's possible to convert it back to personal data, then it is personal data - even if the law bans such a conversion in one particular country. Converting so-called "anonymised" data back to personal data should be a non-issue, because if it's not really anonymous, it should be handled as personal data already.