Yes, there a concept of “pseudonymous” data in some of the guidance, which refers to anonymous data which, when taken together, could identify the person - even if some of that data is not held by the data controller. Under those circumstances seemingly anonymous data can fall under the regulation although most companies are very unlikely to consider such nuance in their data policies.

The GDPR applies to data pertaining to an identifiable person. Anonymised data is more or less equivalent to deleted data as far as the regulation is concerned. Source: I was a DPO for 5 years.