Personal data
Personal data refers to any information relating to an individual that can lead to their direct or indirect identification. This includes data that may appear neutral on its own, such as age or weight, but which, when combined with other information, can identify a specific person. (Regulation (EU) 2016/679, Article 4.)
Special categories of personal data
Special categories of data are types of personal data that are considered particularly sensitive and need additional protection under data protection law (Regulation (EU) 2016/679, Article 9). This includes, for example, medical data, which can reveal information about a person’s health. In guideline development, these data need careful handling to ensure participants’ privacy and to comply with legal and ethical standards.
Processing of personal data
Processing refers to any operation carried out on data, including collection, modification, correction, storage, access, analysis and backups. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and of genetic data, biometric data (when used for identification purposes), health data, and data concerning a person's sex life or sexual orientation, is in principle prohibited by Article 9(1) GDPR (Regulation (EU) 2016/679, Article 9). Exceptions are permitted, for example where the data subject has given explicit consent, where processing is necessary for the provision of health care or for reasons of public interest in the area of public health, or where it is necessary for scientific research purposes subject to appropriate safeguards (Article 9(2)(a), (h), (i) and (j) GDPR).
Medical and health data may be processed for research purposes as part of guideline development. The legal basis for this processing is scientific research, and the information obtained from patients is indispensable for developing accurate and implementable recommendations for healthcare providers. In addition to scientific evidence, there is also a need to assess the feasibility and acceptability of these recommendations for the patients concerned. Participants involved in guideline development may be asked to sign an informed consent form, a requirement of the ethics committee.
A data controller may supervise the processing of health data used in guideline development. All staff members who need access to personal and health data for guideline purposes must sign a confidentiality agreement and are thus bound by the same strict confidentiality as applies under professional secrecy.
Anonymisation compared with pseudonymisation
Pseudonymisation consists of transforming personal data so that it can no longer be attributed to a specific individual without the use of additional information, provided that this additional information is kept separately and is protected by appropriate technical and organisational measures (European Data Protection Board). In practice, this means replacing direct identifiers (such as surname, first name, date of birth or telephone number) in a dataset with an indirect identifier (such as an alias or a sequential number) and holding the table that links alias to identity in a separate location under its own access controls. Because anyone with access to that linking table can re-identify the individuals, pseudonymised data remains personal data and the GDPR continues to apply to it.
Anonymised data is data that has been made anonymous in such a way that the individual is not, or is no longer, identifiable by any means that are reasonably likely to be used. Techniques used in anonymisation include removal of direct personal identifiers (for example, name or email address), generalisation (for example, changing an exact age to an age band) and aggregation (such as reporting totals and averages rather than individual records). Replacing identifiers with pseudonyms is often a first step, but on its own it does not anonymise the data, since the linking information still allows re-identification; the remaining attributes must also be considered, because a rare combination of values (or a very small count in an aggregated table) can single out an individual. When anonymisation is implemented properly, the GDPR no longer applies to the anonymised data (European Data Protection Board).
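The following script is an added illustration of the two definitions above and is not part of the original page or of any guideline-development toolset. It pseudonymises a small, constructed set of patient records by moving the direct identifiers into a separate key table, shows that the key table re-identifies the rows (so the pseudonymised rows are still personal data), and then produces an anonymised output by generalising age to bands, dropping every identifier and aggregating to counts. The minimum cell size (min_cell) is an added safeguard, not something the page specifies: cells with very few people are suppressed because a count of one or two can still single someone out.

```python
"""Pseudonymisation versus anonymisation of a small health dataset (added example)."""
from collections import Counter

# Fields that directly identify a person and must leave the working dataset.
DIRECT_IDENTIFIERS = ("name", "date_of_birth", "phone")

# Constructed sample records for illustration only; these are not real people.
RECORDS = [
    {"name": "Ada Example", "date_of_birth": "1961-03-02", "phone": "+32 470 00 00 01", "age": 63, "diagnosis": "asthma"},
    {"name": "Bram Example", "date_of_birth": "1957-11-20", "phone": "+32 470 00 00 02", "age": 67, "diagnosis": "asthma"},
    {"name": "Chloe Example", "date_of_birth": "1963-07-09", "phone": "+32 470 00 00 03", "age": 61, "diagnosis": "asthma"},
    {"name": "Dirk Example", "date_of_birth": "1979-01-15", "phone": "+32 470 00 00 04", "age": 45, "diagnosis": "diabetes"},
    {"name": "Eva Example", "date_of_birth": "1982-05-30", "phone": "+32 470 00 00 05", "age": 42, "diagnosis": "diabetes"},
    {"name": "Finn Example", "date_of_birth": "1956-09-04", "phone": "+32 470 00 00 06", "age": 68, "diagnosis": "diabetes"},
]


def pseudonymise(records, prefix="P"):
    """Replace direct identifiers with a sequential pseudonym.

    Returns (rows, key_table). `key_table` is the "additional information" the GDPR
    refers to: it must be stored separately from `rows`, under its own access
    controls. Without it the rows cannot be attributed to a person; with it they can.
    Pseudonyms are assigned in input order, so the input should not be sorted by
    anything sensitive (e.g. by name), or the ordering itself leaks information.
    """
    rows, key_table = [], {}
    for n, rec in enumerate(records, start=1):
        pseudonym = f"{prefix}{n:04d}"
        key_table[pseudonym] = {k: rec[k] for k in DIRECT_IDENTIFIERS}
        rows.append({"pseudonym": pseudonym,
                     **{k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}})
    return rows, key_table


def re_identify(row, key_table):
    """Re-attach identity using the separately held key table.

    This is exactly why pseudonymised data is still personal data: anyone holding
    both the rows and the key table has the original record back.
    """
    attributes = {k: v for k, v in row.items() if k != "pseudonym"}
    return {**key_table[row["pseudonym"]], **attributes}


def age_band(age, width=10):
    """Generalise an exact age to a band such as '60-69'."""
    lo = (age // width) * width
    return f"{lo}-{lo + width - 1}"


def anonymise(records, min_cell=3, width=10):
    """Produce an aggregated table with no identifiers at all.

    Ages are generalised to bands, pseudonyms and direct identifiers are dropped,
    and only counts per (age band, diagnosis) are reported. Cells with fewer than
    `min_cell` people are suppressed (returned separately) because a count of 1 or 2,
    combined with outside knowledge, can still single out an individual.
    Returns (table, suppressed_cells).
    """
    counts = Counter((age_band(r["age"], width), r["diagnosis"]) for r in records)
    table = {cell: n for cell, n in counts.items() if n >= min_cell}
    suppressed = sorted(cell for cell, n in counts.items() if n < min_cell)
    return table, suppressed


if __name__ == "__main__":
    rows, key_table = pseudonymise(RECORDS)
    print("pseudonymised row:", rows[0])          # no name, DOB or phone
    print("re-identified   :", re_identify(rows[0], key_table))
    table, suppressed = anonymise(RECORDS)
    print("anonymised table:", table)
    print("suppressed cells:", suppressed)
```

In a real deployment the key table would live in a different system from the working dataset (for example, held by the data controller's trusted party), and the suppression threshold, band width and which attributes count as quasi-identifiers would be decided in a documented re-identification risk assessment rather than hard-coded.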