Changes for page Onboarding to the Medical Informatics Platform MIP
Last modified by melissargos on 2024/10/11 18:22
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -67,12 +67,10 @@ 67 67 === //MIP and data anonymisation// === 68 68 69 69 70 -**Note**: (% style="color:#27ae60" %)**The MIP is handling anonymised data.**(%%) The definition for anonymisation (//ISO standard (ISO 29100:2011)//) of personal data is the process of encrypting or removing personally identifiable data from data setsso that a person can no longer beidentified directly or indirectly (see also **Recital 26 of the GDPR)**. As soon a person cannot be re-identified the data is no longer considered personal data and the GDPR does not apply for further use.70 +**Note**: (% style="color:#27ae60" %)**The MIP is handling anonymised data.**(%%) The definition for anonymisation (//ISO standard (ISO 29100:2011)//) of personal data is the process of encrypting or removing personally identifiable data from data so that a person can no longer be directly or indirectly identified (see also **Recital 26 of the GDPR)**. As soon a person cannot be re-identified the data is no longer considered personal data and the GDPR does not apply for further use. 71 71 72 -However, processing personal data **for the purpose to anonymise the data** is still processing that must have a **legal basis under Article 6 of GDPR**. The anonymisation process iswhatis knownas “**further processing**”.Assuchthenewprocessing must be compliant with the principle of purpose limitation.Mostoften,the legalbasisfthecontroller’s/processor’sfulfillingcontract orlegitimateinterest willapply,ifthe principlesof collection,purpose,retentionhavebeencomplied with.72 +However, processing personal data **for the purpose of anonymisation** is still processing that must have a **legal basis under Article 6 of GDPR**. The anonymisation process is defined as “**further processing**” and this processing must be compliant with the principle of purpose limitation. The process of data anonymisation can be used to improve data protection compliance, e.g., as part of the “**privacy by design**” strategy, with the goal to improve the protection of the processed data; or as part of the “**data minimisation**” strategy, where data can be anonymised and used without the risk of harming the data subjects. 73 73 74 -The process of anonymization can be used to improve data protection compliance in two main ways: i.e., as part of the “**privacy by design**” strategic work, with the goal to improve the protection of the processed data; or as part of the “**data minimisation**” strategy – where data can be anonymized and used without the risk of harming the data subjects. 75 - 76 76 (% style="color:#27ae60" %)**Both strategies are followed by the MIP.** 77 77 78 78 === MIP concepts and definitions === ... ... @@ -158,6 +158,16 @@ 158 158 (% style="color:#27ae60" %)**Data Transfers (Articles 44-50)** 159 159 160 160 The MIP ensures that any data transfers comply with GDPR’s requirements for international data transfers. This is achieved using DTAs and DSAs, ensuring that data transferred across borders is protected under equivalent data protection standards. If data is transferred, secure file transfer solutions are used. 159 + 160 +**Summary of legal steps to be followed, depending on the purpose of the processing or project:** 161 + 162 +* Patient consent for usage of data for research purposes (specific, general, re-use, anonymisation) 163 +* Ethical clearance for research projects and planned processing 164 +* (% style="color:#c0392b" %)//DPIA * under preparation// 165 +* Data Transfer agreement or Data Sharing Agreement 166 +* Collaboration Agreement 167 +* Data Use agreement 168 +* MIP Installation Agreement 161 161 ))) 162 162 ))) 163 163