Pseudonymisation in the context of GDPR-compliant medical research

Ioannis Basdekis, Christos Kloukinas, Carlos Agostinho, Ioannis Vezakis, Andreia Pimenta, Luigi Gallo, Georgios Spanoudakis

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Citations (Scopus)

Abstract

Pseudonymisation is a data protection technique often used to protect the privacy of individuals when their personal data are being used for research purposes. Not only is it a key ingredient of the General Data Protection Regulation (GDPR) that requires organisations to ensure that the personal data they process is handled in a secure manner, but it is particularly important in assisting medical research given that often relies on sensitive personal data, since it reduces the risk that medical data could be misused or mishandled. For managing their medical data, it is important to ensure that such data are protected against unauthorised access, and can be reutilised in an anonymous fashion, while still authorised personnel is able to identify the study participant that some data belong to (e.g., for personalised interventions, technical alerts, technical support). In addition, the re-identification of a study participant is a pre-requisite for exercising their rights under the GDPR, since it assists organisations in meeting GDPR requirements (such as the right to access, rectify and portability of data). We argue that the application of pseudonymisation is particularly effective when considered during the early stages (Privacy by Design) of digital services implementation, as well as when defining the complementary to these organizational procedures. Aim of this paper is to present the way in which the pseudonymisation mechanism of the SMART BEAR H2020 project supports the triptych of research activities conducted within the context of an observational medical study, legal obligations arising from the regulatory framework for the protection of personal data, and reutilisation of data for research purposes. Evidence-based security and privacy assessments will be conducted on two different H2020 projects to evaluate such privacy practice.
Original languageEnglish
Title of host publication2023 19th International Conference on the Design of Reliable Communication Networks (DRCN)
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Number of pages6
ISBN (Electronic)978-1-6654-7598-3
ISBN (Print)978-1-6654-7599-0
DOIs
Publication statusPublished - 2023
Event19th International Conference on the Design of Reliable Communication Networks, DRCN 2023 - Vilanova i la Geltru, Spain
Duration: 17 Apr 202320 Apr 2023

Conference

Conference19th International Conference on the Design of Reliable Communication Networks, DRCN 2023
Country/TerritorySpain
CityVilanova i la Geltru
Period17/04/2320/04/23

Keywords

  • data minimisation
  • GDPR
  • observational studies
  • privacy
  • pseudonymisation

Fingerprint

Dive into the research topics of 'Pseudonymisation in the context of GDPR-compliant medical research'. Together they form a unique fingerprint.

Cite this