Processing of sensitive data
An explanation of what data is considered sensitive data and how to keep it safe during the research process can be found in the Sensitive data section of Chapter 3 (Data collection) of this guide.
The processing of sensitive data is necessary to protect the privacy of data subjects, as well as to ensure compliance with the law and ethical standards. To mitigate the risks associated with sensitive and personal data, data processing techniques such as, pseudonymisation and anonymisation. These methods differ in their nature, tools and situations of application, depending on the specificities of the study.
| Pseudonymisation | Anonymisation | |
|---|---|---|
| Definition | The processing of personal data so that they can no longer be directly linked to a specific person without further information. | Processing of personal data in such a way that the data subject can no longer be identified in any way. |
| Reversibility | Reversible (can reconnect with identity). | Irreversible (link to identity cannot be restored). |
| Legal status | Still considered as personal data. | No longer considered personal data. |
| VDAR Application | The GDPR applies in full. | GDPR no longer applies. |
| Security level | Lower than for anonymised data (additional security measures required). | Higher than for pseudonymised data (identification theoretically impossible). |
Processing of sensitive data
An explanation of what data is considered sensitive data and how to keep it safe during the research process can be found in the Sensitive data section of Chapter 3 (Data collection) of this guide.
The processing of sensitive data is necessary to protect the privacy of data subjects, as well as to ensure compliance with the law and ethical standards. To mitigate the risks associated with sensitive and personal data, data processing techniques such as, pseudonymisation and anonymisation. These methods differ in their nature, tools and situations of application, depending on the specificities of the study.
| Pseudonymisation | Anonymisation | |
|---|---|---|
| Definition | The processing of personal data so that they can no longer be directly linked to a specific person without further information. | Processing of personal data in such a way that the data subject can no longer be identified in any way. |
| Reversibility | Reversible (can reconnect with identity). | Irreversible (link to identity cannot be restored). |
| Legal status | Still considered as personal data. | No longer considered personal data. |
| VDAR Application | The GDPR applies in full. | GDPR no longer applies. |
| Security level | Lower than for anonymised data (additional security measures required). | Higher than for pseudonymised data (identification theoretically impossible). |
