Handling sensitive data throughout the data lifecycle
Pseudonymised data is subject to stricter data security requirements, so it is recommended to assess at each stage of the sensitive data lifecycle whether it would be feasible to use anonymised data.
Important aspects in handling sensitive data
| Stage of the data lifecycle | Pseudonymisation | Anonymisation |
|---|---|---|
| Data collection and input | Keeps the link to the data subject's identity while protecting the data. | Not applicable to all types of research, as anonymising data at this stage removes the possibility of later linking them to a specific person. |
| Data storage | Reduces risks in the event of a data breach while maintaining the link to a specific person. | Only suitable for data that no longer require an identity link. For example, to avoid repeated collection of data on the same person, data are linked to the data subject at the collection stage and anonymised at subsequent stages. |
| Data processing and analysis | Particularly suitable when you need to track data from the same person over a longer period of time or across different data sources. | Suitable when only aggregate statistics or trends are needed, without a link to identity. |
| Sharing data with third parties | Only possible under a contract with the partner that strictly specifies the permitted processing of the data. | Universally applicable, as it reduces both risks and legal obligations. |
| Data publication | Only applicable in certain cases, as there is a high risk of identity restoration (re-identification or de-anonymisation). Only possible if the data subject has given consent to the disclosure of pseudonymised personal data. | A secure way to publicly disclose data. |
| Data re-use | Only possible if the data subject has given consent to the re-use of pseudonymised personal data and the objectives of the study remain the same. In other cases, the participants' consent must be obtained again before the data are re-used. When using any data, you should always take into account the restrictions specified in the licence. | No specific restrictions, unless required by the licence. |
Practical example
Medical study on diabetes
- Initial data collection: patient data are pseudonymised by assigning each patient a code (P001, P002), while retaining the possibility to contact patients for further information.
- Data analysis during the study: data remain pseudonymised so that the progress of each patient can be tracked.
- Sharing data with other researchers: data are anonymised so that other researchers cannot identify patients.
- Publication of study results: anonymised data are published, without the possibility to identify specific patients.
This example illustrates how both methods can be used at different stages of the data lifecycle, depending on the specific needs and risks. Similarly, different researchers may have access to different datasets depending on their needs.
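The four stages of the diabetes example, worked through as an added Python illustration that is not part of this guide. The patient records, the P001-style code scheme, the separate key table and the coarsening rules (birth decade, visit quarter) are assumptions constructed for this example; real studies will have their own identifiers and disclosure rules.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample of raw records as collected (direct identifiers included).
RAW_RECORDS = [
    {"name": "Anna Example", "email": "anna@example.org", "birth_year": 1971,
     "visit": "2023-01-10", "hba1c": 7.9},
    {"name": "Anna Example", "email": "anna@example.org", "birth_year": 1971,
     "visit": "2023-07-12", "hba1c": 7.1},
    {"name": "Ben Example", "email": "ben@example.org", "birth_year": 1958,
     "visit": "2023-02-03", "hba1c": 8.4},
    {"name": "Ben Example", "email": "ben@example.org", "birth_year": 1958,
     "visit": "2023-08-05", "hba1c": 8.0},
    {"name": "Cara Example", "email": "cara@example.org", "birth_year": 1985,
     "visit": "2023-03-15", "hba1c": 6.5},
]

# Fields that identify a person directly (assumed for this sample).
DIRECT_IDENTIFIERS = ("name", "email")


def pseudonymise(records):
    """Stage 1, data collection: swap direct identifiers for a study code.

    Returns (pseudonymised_records, key_table). The key table is the only
    link from a code back to a person, so it is what must be stored apart
    from the research data and under stricter access control. birth_year
    and visit date stay in the data: pseudonymised data still carry
    quasi-identifiers, which is why they need stronger protection.
    """
    key_table = {}       # code -> direct identifiers, kept separately
    code_by_person = {}  # identity -> code, so repeat visits share a code
    out = []
    for rec in records:
        identity = tuple(rec[f] for f in DIRECT_IDENTIFIERS)
        if identity not in code_by_person:
            code = f"P{len(code_by_person) + 1:03d}"  # P001, P002, ...
            code_by_person[identity] = code
            key_table[code] = dict(zip(DIRECT_IDENTIFIERS, identity))
        pseudo = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        pseudo["patient_code"] = code_by_person[identity]
        out.append(pseudo)
    return out, key_table


def track_progress(pseudo_records):
    """Stage 2, analysis: change in HbA1c per patient between first and last
    visit. This needs the code, which is why the data stay pseudonymised."""
    series = defaultdict(list)
    for rec in sorted(pseudo_records, key=lambda r: r["visit"]):
        series[rec["patient_code"]].append(rec["hba1c"])
    return {code: round(vals[-1] - vals[0], 2) for code, vals in series.items()}


def recontact(code, key_table):
    """Look up a contact address for follow-up; possible only while the
    key table exists and only for those allowed to access it."""
    return key_table[code]["email"]


def anonymise(pseudo_records):
    """Stage 3, sharing: drop the code and coarsen quasi-identifiers so the
    records can no longer be tied to one person or to the key table."""
    anon = []
    for rec in pseudo_records:
        month = int(rec["visit"][5:7])
        anon.append({
            "birth_decade": (rec["birth_year"] // 10) * 10,
            "visit_quarter": f"{rec['visit'][:4]}-Q{(month - 1) // 3 + 1}",
            "hba1c": rec["hba1c"],
        })
    return anon


def publish_summary(anon_records):
    """Stage 4, publication: only aggregate figures leave the project."""
    return {
        "n_records": len(anon_records),
        "mean_hba1c": round(mean(r["hba1c"] for r in anon_records), 2),
    }


if __name__ == "__main__":
    pseudo, key = pseudonymise(RAW_RECORDS)
    print("analysis:", track_progress(pseudo))
    print("follow-up P001 via key table:", recontact("P001", key))
    shared = anonymise(pseudo)
    print("shared records:", shared)
    print("published:", publish_summary(shared))
```

The point the example makes is where the risk sits at each stage: during collection and analysis the key table is the asset to protect, since whoever holds it can re-identify every record; once the data are anonymised for sharing, deleting the key table alone is not enough, because the retained quasi-identifiers (here birth year and exact visit date) could still single out a person, so they are coarsened as well before the records leave the project.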
The following sections describe in more detail how to implement pseudonymisation and anonymisation.