Data anonymisation

Anonymisation of data removes its personal nature under the directive, and therefore changes its status in protection terms. However, completely anonymised data is not necessarily the most useful in the context of biomedical research.

What is data anonymisation?

Complete data anonymisation requires the complete removal of all personal identifiers from the data record so that an individual cannot be identified. 

What are identifiers?

Identifiers are details that can uniquely identify the data subject, whether alone or when combined. These may include name, date of birth, gender, address, medical service number, and so on.

Pseudonymisation or coding involves attaching alternative identifiers to the data record, replacing the ‘real’ identifiers For example, by changing names or removing some key identifiers and replacing them with a code. A cipher (which allows the breaking of the code to link the pseudonymised data to the original record) will be available.

This cipher may or may not be held by the organisation that holds the pseudonymised data, and in some countries (e.g. the UK and Germany), if the coded/pseudonymised data is held by one organisation and the cipher by another, it is not deemed to be ‘personal’ in nature. However, if one organisation holds both then this is not considered to be the case.

Anonymise or not?

Whether you fully anonymise your data will depend on what you plan to do with that data. In many cases for biomedical research, especially when involving a patient population, maintaining links to medical records is key to achieving the study outcomes. What is key from the data protection point of view is understanding where your data sits within the protection requirements.