Two German state regulators have called for a change in attitudes towards data protection impact assessments and anonymisation, and said their work in the past year has focused on the compliance of technical systems used by the private sector with cybersecurity requirements.