With the forthcoming introduction of GDPR (general data protection regulation) the need to be able to anonymise data as a part of a data-centric approach to security is becoming more pressing. This Market Update compares the capabilities of different data masking vendors that provide anonymisation capabilities. In practice, in terms of the masking techniques that are supported, the market is relatively mature. However, there remain distinct differences between suppliers in terms of the sorts of data (structured, semi-structured, unstructured) that can be masked, the supported environments (especially NoSQL), and the ability to identify sensitive data accurately and with a minimum of false positives (and negatives). While the focus in this paper is on static data masking, both dynamic data masking and format preserving encryption (FPE) are also discussed.