Digital Competence Centre

your one-stop for research IT and data

Privacy & Protection

Anonymisation and Pseudonymisation

Anonymisation

Anonymisation involves removing direct and indirect personal identifiers. Anonymisation is important for data processing and data sharing. Removing or aggregating all indirect personal identifiers can make data sets useless for research. When some records in a research dataset remain re-identifiable, it is important to put administrative and technical measures in place.
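
The effect of aggregating indirect identifiers can be measured before sharing a dataset. The Python sketch below is an added example, not part of the original guide: it counts how many records are unique on their indirect identifiers before and after aggregation. The sample records, the field names and the threshold `k` are constructed assumptions.

```python
from collections import Counter

# Constructed sample: direct identifiers already removed, indirect ones remain.
RECORDS = [
    {"age": 23, "postcode": "9712AB", "sex": "F", "score": 14},
    {"age": 24, "postcode": "9712CD", "sex": "F", "score": 9},
    {"age": 27, "postcode": "9713XY", "sex": "M", "score": 11},
    {"age": 29, "postcode": "9713ZZ", "sex": "M", "score": 17},
    {"age": 41, "postcode": "9747AG", "sex": "F", "score": 12},
    {"age": 58, "postcode": "9747AG", "sex": "M", "score": 8},
]
INDIRECT = ("age", "postcode", "sex")  # assumed set of indirect identifiers


def reidentifiable(records, keys=INDIRECT, k=2):
    """Return records whose combination of indirect identifiers is shared by
    fewer than k records; these are the easiest to single out."""
    sizes = Counter(tuple(r[q] for q in keys) for r in records)
    return [r for r in records if sizes[tuple(r[q] for q in keys)] < k]


def aggregate(record):
    """Coarsen indirect identifiers: 10-year age band, 4-digit postcode area."""
    low = record["age"] // 10 * 10
    return {**record, "age": f"{low}-{low + 9}", "postcode": record["postcode"][:4]}


if __name__ == "__main__":
    coarse = [aggregate(r) for r in RECORDS]
    print("raw:       ", len(reidentifiable(RECORDS)), "of", len(RECORDS), "records unique")
    print("aggregated:", len(reidentifiable(coarse)), "of", len(coarse), "records unique")
    for r in reidentifiable(coarse):
        print("  still needs safeguards:", r)
```

In this sample, aggregation leaves two records that are still unique; those are the records for which additional administrative and technical measures are needed.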

Pseudonymisation

Pseudonymisation involves separating directly identifying personal data from substantive data, optionally maintaining a link through an arbitrary key. The GDPR explicitly mentions pseudonymisation as one approach to complying with GDPR requirements, increasing the privacy and security of personal data processing.

Consent for processing personal data

Consent is one of the legal grounds for processing personal data for scientific research.

If consent is the legal ground for the processing of the data, the controller shall be able to demonstrate that the participant has consented to the processing of his/her data and that the consent meets the requirements defined by the GDPR.

All the information provided to the participants must be presented in a transparent and easily accessible way, using clear and understandable language.

To facilitate communication with the participant, the controller may also use a combination of methods, such as privacy statements/notices, information on the project’s web page, etc. (layered approach).

The consent must be:

  • Freely given: consent is not valid when the data subject has no real choice, feels compelled or pressured to consent or will endure negative consequences if they refuse or withdraw consent.
  • Specific: the consent must specify the purpose(s) for which the data are processed.
  • Informed: providing exhaustive information to the participants is essential to their ability to make informed decisions.
  • Unambiguous: the wish of the participants to agree to the processing of their data must be clear.

The minimum requirements for consent are:

  • the identification of the data controller, joint controllers (if applicable), and the contact details of the Data Protection Officer;
  • the description of the purpose(s) of the data processing;  
  • the description of the subject’s rights, in particular, the right and the procedure to withdraw consent and the right to lodge a complaint with a supervisory authority;
  • information as to whether data will be shared with or transferred to third parties and for what purposes; and  
  • how long the data will be retained before they are destroyed.

Examples and templates of consent statements, specifically for use with interviews, are available on the DANS website.

Special categories of data

Special categories of data (formerly known as ‘sensitive data’) are data revealing information about:

  • racial or ethnic origin,
  • political opinions,
  • religious or philosophical beliefs,
  • trade union membership,
  • genetic data, biometric data for the purpose of uniquely identifying a natural person,
  • health,
  • a person’s sex life or sexual orientation.

Processing of special categories of personal data is forbidden except when there is explicit consent!

Based on the GDPR in Dutch law, the processing of special categories of data is also allowed when:

  • it is necessary for the research purpose; and
  • the processing is proportionate to the aim pursued; and
  • the essence of the right to data protection is respected; and
  • the controller provides suitable and specific measures to safeguard the fundamental rights and the interests of the data subjects.

Data Encryption

Data protection requirements

  • Encryption is mentioned by the GDPR as one of the measures to mitigate privacy and security risks (Recital 83).
  • Encryption is the process of encoding a message or information using an algorithm - a cipher - in such a way that only someone with the appropriate key may access it.

Encryption ensures data security as follows:

  • Confidentiality: using the right encryption type and protocol ensures only people with access to the key and access to the encrypted data can process the data.
  • Availability: proper key management is required to ensure that unintended key disclosure or erasure (i.e. the key is lost or corrupted) does not affect data availability. Key management can be either local or institutional, e.g. creating more than one key, key exchange, key revocation, etc.
  • Properly encrypted data can be safely sent and stored in relatively insecure environments (e.g. email).
  • Integrity: besides encryption, data can also be digitally signed, which enables checking the integrity of the data and the identity of the data sender/encrypter (sender authentication).

Data encryption with VeraCrypt

With VeraCrypt you can create a virtual disk that is entirely encrypted (including file names, allocation tables, free space, etc.) and behaves like a real disk. You can create such a disk on any storage device, such as your laptop, but also on the university network drive (X and Y) or on cloud storage such as Unishare or Google Drive.

You can save (or copy, move, etc.) files to this virtual disk and they will be encrypted on the fly as they are being written.
If you open a file stored on a VeraCrypt volume, for example in a media player, the file will be automatically decrypted to RAM (memory) on the fly while it is being read.

VeraCrypt is available in the UWP.

More information and a user guide are available as a PDF document. The user guide is also available when you start VeraCrypt in the UWP.

If you need assistance in using VeraCrypt, please contact the CIT servicedesk.

Data encryption with BitLocker

BitLocker

Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer.
BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.

Source: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview

BitLocker is a built-in feature of Windows, accessible in all Windows editions except the Home edition. The default MWP (MedewerkersWerkPlek) installed on all UG laptops has BitLocker on board.
Just type BitLocker in the search bar.

Most importantly, save the recovery key in a safe place. We advise you to save it to a file and store that file in multiple places, for instance on a pen drive and on your X:\ drive. If you lose that key, access to the data on the hard disk of the laptop is impossible.

Pseudonymisation and GDPR

In the GDPR pseudonymisation is required and defined as follows: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person (Art. 4).

If the purposes for which a controller processes personal data do not or do no longer require the identification of a data subject by the controller, the controller shall not be obliged to maintain, acquire or process additional information in order to identify the data subject for the sole purpose of complying with the data protection regulation (Art. 11).

Pseudonymisation is specifically mentioned as a possible measure to ensure respect for the principle of data minimisation in derogations for scientific and historical research (Art. 89).

The following GDPR recitals refer to pseudonymisation:

  • Pseudonymous data is still personal data; it is not anonymous (Rec. 26).
  • Pseudonymisation is a data risk reduction measure (Rec. 28).
  • Technical and organisational measures must ensure that the additional information necessary for re-identification is kept separately within the same controller and that the authorised persons are indicated (Rec. 29).
  • Personal data should be pseudonymised as soon as possible (Art. 89 and 25, Rec. 78).
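
The separation described in the Pseudonymisation definition and in Art. 4 above can be sketched in Python. This is an added example, not part of the original guide: it splits collected rows into research data carrying a random pseudonym and a key table that holds the additional information. The sample rows, field names and the `P-` pseudonym format are constructed assumptions.

```python
import secrets

# Constructed sample rows as collected: direct identifiers mixed with research data.
COLLECTED = [
    {"name": "A. Jansen", "email": "a.jansen@example.org", "age_band": "20-29", "score": 14},
    {"name": "B. de Vries", "email": "b.devries@example.org", "age_band": "40-49", "score": 12},
    {"name": "A. Jansen", "email": "a.jansen@example.org", "age_band": "20-29", "score": 16},
]
DIRECT_IDENTIFIERS = ("name", "email")  # assumed set of direct identifiers


def pseudonymise(rows, direct=DIRECT_IDENTIFIERS):
    """Split rows into (research_rows, key_table).

    research_rows carry a random pseudonym instead of the direct identifiers.
    key_table maps pseudonym -> identifiers; it is the "additional information"
    and must be stored separately, with access limited to authorised persons.
    """
    by_person = {}   # identifier tuple -> pseudonym, so a participant keeps one key
    key_table = {}
    research_rows = []
    for row in rows:
        ident = tuple(row[f] for f in direct)
        if ident not in by_person:
            # Random, so the pseudonym cannot be derived from the identifiers.
            pseudonym = "P-" + secrets.token_hex(8)
            while pseudonym in key_table:  # regenerate on the unlikely collision
                pseudonym = "P-" + secrets.token_hex(8)
            by_person[ident] = pseudonym
            key_table[pseudonym] = dict(zip(direct, ident))
        substantive = {k: v for k, v in row.items() if k not in direct}
        research_rows.append({"pid": by_person[ident], **substantive})
    return research_rows, key_table


def reidentify(pid, key_table):
    """Resolve a pseudonym; only possible for someone holding the key table."""
    return key_table.get(pid)


if __name__ == "__main__":
    research, keys = pseudonymise(COLLECTED)
    for r in research:
        print(r)  # no name or email, only pid plus substantive data
    print(len(keys), "entries in the key table (store separately)")
```

The research rows are still personal data as long as the key table exists, and the remaining fields (here `age_band`) may be indirect identifiers.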

Last modified: 27 May 2021 1.36 p.m.