City Research Online

Pseudonymisation in the context of GDPR-compliant medical research

Basdekis, I., Kloukinas, C. ORCID: 0000-0003-0424-7425, Agostinho, C. , Vezakis, I., Pimenta, A., Gallo, L. & Spanoudakis, G. ORCID: 0000-0002-0037-2600 (2023). Pseudonymisation in the context of GDPR-compliant medical research. In: 2023 19th International Conference on the Design of Reliable Communication Networks (DRCN). 19th International Conference on the Design of Reliable Communication Networks (DRCN), 17-20 Apr, 2023, Vilanova i la Geltrú, Spain. doi: 10.1109/DRCN57075.2023.10108370


Pseudonymisation is a data protection technique often used to protect the privacy of individuals when their personal data are being used for research purposes. Not only is it a key ingredient of the General Data Protection Regulation (GDPR) that requires organisations to ensure that the personal data they process is handled in a secure manner, but it is particularly important in assisting medical research given that often relies on sensitive personal data, since it reduces the risk that medical data could be misused or mishandled. For managing their medical data, it is important to ensure that such data are protected against unauthorised access, and can be reutilised in an anonymous fashion, while still authorised personnel is able to identify the study participant that some data belong to (e.g., for personalised interventions, technical alerts, technical support). In addition, the re-identification of a study participant is a pre-requisite for exercising their rights under the GDPR, since it assists organisations in meeting GDPR requirements (such as the right to access, rectify and portability of data). We argue that the application of pseudonymisation is particularly effective when considered during the early stages (Privacy by Design) of digital services implementation, as well as when defining the complementary to these organizational procedures. Aim of this paper is to present the way in which the pseudonymisation mechanism of the SMART BEAR H2020 project supports the triptych of research activities conducted within the context of an observational medical study, legal obligations arising from the regulatory framework for the protection of personal data, and reutilisation of data for research purposes. Evidence-based security and privacy assessments will be conducted on two different H2020 projects to evaluate such privacy practice.

Publication Type: Conference or Workshop Item (Paper)
Additional Information: © 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Publisher Keywords: pseudonymisation, privacy, data minimisation, GDPR, observational studies
Subjects: H Social Sciences > HD Industries. Land use. Labor
L Education > LB Theory and practice of education > LB2300 Higher Education
R Medicine > RA Public aspects of medicine > RA0421 Public health. Hygiene. Preventive Medicine
Departments: School of Science & Technology > Computer Science
[thumbnail of DRCN23-quasi-final-2023075328.pdf]
Text - Accepted Version
Download (621kB) | Preview


Add to AnyAdd to TwitterAdd to FacebookAdd to LinkedinAdd to PinterestAdd to Email


Downloads per month over past year

View more statistics

Actions (login required)

Admin Login Admin Login