True. For this reason, even anonymous data can usually not be shared as open data. You have to control the environment in which the data is used to control what is "reasonably likely" (see also comment by La1n above).
In my experience, this is a question of interpretation (see e.g. Recital 26 and the question of what is "reasonably likely"). You can ask ten different experts, and you will get ten different opinions.
Unfortunately, many aspects of the GDPR are interpreted very heterogeneously, both in individual countries and by different supervisory authorities within the countries themselves.
For this reason, it is essential that more specific guidelines and certifications are developed for the use of different technologies, including anonymization.
If you're interested in tools such as Amnesia, you might also want to take a look at ARX, which supports much more anonymization methods, including Differential Privacy: