Selzer, Annika2021-12-142021-12-142021978-3-88579-708-1https://dl.gi.de/handle/20.500.12116/37733Article 32 GDPR regulates the obligation to implement appropriate technical and organizational measures whenever personal data is being processed. In this paper, we want to link questions arising from taking appropriate technical and organizational measures with considering the chances and limitations of both, personal and anonymized data processing and the potential added value of personal and anonymized data exchange within a smart city context. We demonstrate the link through a legal analysis and 30 structured interviews with smart city participants.enAnonymized DataGDPRPersonal DataSmart CityChances and Limitations of Personal and Anonymized Data Processing10.18420/informatik2021-066Implementing Appropriate Technical and Organizational Measures and Creating Added Value in Smart Cities1617-5468