Anonymising and pseudonymising

Anonymisation and pseudonymisation techniques protect the privacy of research participants. If you have personal data, you must anonymise or pseudonymise it as far as possible while still being able to answer your research question.

The difference between anonymisation and pseudonymisation is that anonymous data can never be traced back to individuals, while for pseudonymised data it remains possible to restore the link between the data and individuals, for example via a key file. This means that pseudonymised data is still considered personal data and the GDPR applies to it.

The scientific value of a research dataset may be compromised by anonymisation or pseudonymisation. Therefore, only anonymise or pseudonymise to the extent that still allows (re)use of the data. This could mean that research data is not suitable for anonymisation or pseudonymisation and therefore is too sensitive to share or publish.

How to anonymise and pseudonymise

There are several ways to anonymise and pseudonymise your data, depending on the type of research data. There are data anonymisation tools available, such as the ARX Anonymisation tool. You can also manually anonymise or pseudonymise research data. Since anonymisation and pseudonymisation can be difficult, you can always ask your institute’s data steward for help.

Anonymisation

When anonymising, the goal is to remove all information that can be used to directly or indirectly identify an individual:

  • Delete information that you do not use (neither for answering your research question, nor for administrative or other purposes). You must never collect information that you do not need
  • Delete information that is administrative in nature when you no longer need it, for example email addresses for contacting participants
  • Replace information that is relevant for your research question with an alternative or with an aggregated form. For example, replace an address with the village, the municipality, the province or even the country. If this is not possible, you probably need to pseudonymise your data

Pseudonymisation

Sometimes anonymisation is not possible, because you would lose information that is relevant to your research questions, for example if you conduct longitudinal research or temporarily need personal information for administrative reasons. In those cases, you can pseudonymise your data by separating information that can be used to identify an individual from all other data:

  • Create a key file. Replace all identifiable information with pseudonyms (e.g. participant codes) and make a key file that links those pseudonyms to the original information they replaced. Save the key file in a separate location from the pseudonymised data. If the key file only contains administrative personal data, delete it as soon as you no longer need it
  • Not all personal information can be stored in a single key file. In such cases, save the files with personal data separate from the rest and make sure that you minimise access to the personal data. Additionally, you could add extra security measures such as encryption.
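The key-file approach described above, as an added example that is not part of the original guidance: direct identifiers are moved into a separate key table, each participant gets one random code that stays the same across repeated measurements, and the address is dropped in favour of the coarser municipality. The column names, the sample records and the code format ("P" plus eight hex characters) are assumptions made for this example.

```python
import csv
import io
import secrets

# Constructed sample records; the column names are assumptions for this example.
RAW = """name,email,address,municipality,score
Anna Jansen,anna@example.org,Dorpsstraat 1,Utrecht,7.5
Bram de Vries,bram@example.org,Kerkweg 12,Zeist,6.0
Anna Jansen,Anna@Example.org,Dorpsstraat 1,Utrecht,8.1
"""

DIRECT = ("name", "email")   # direct identifiers: kept only in the key file
DROP = ("address",)          # dropped; the coarser "municipality" column stays


def pseudonymise(rows, direct=DIRECT, drop=DROP):
    """Split rows into (research_rows, key_rows) linked by a random code."""
    codes = {}      # normalised identity -> participant code
    key_rows = []   # one entry per participant, holds the original identifiers
    research = []
    for row in rows:
        identity = tuple(row[c].strip().lower() for c in direct)
        if identity not in codes:
            # Random codes, not hashes of the identifiers: a hash of a name or
            # e-mail address can be reversed by guessing likely inputs.
            code = "P" + secrets.token_hex(4)
            while code in codes.values():
                code = "P" + secrets.token_hex(4)
            codes[identity] = code
            key_rows.append({"participant": code, **{c: row[c] for c in direct}})
        kept = {k: v for k, v in row.items() if k not in direct and k not in drop}
        research.append({"participant": codes[identity], **kept})
    return research, key_rows


def to_csv(rows):
    """Serialise a list of dicts to CSV text."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0]))
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    research, key = pseudonymise(csv.DictReader(io.StringIO(RAW)))
    print(to_csv(research))  # pseudonymised data for analysis
    print(to_csv(key))       # key file: save in a separate location
```

Because the codes are random, the key table is the only link back to individuals; deleting it removes that link, although indirect identifiers left in the research table may still need to be aggregated or removed.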

Contact

Do you have questions about your research or about the Research Data Management policy? Please contact the data steward of your institute.

Do you have questions about using personal data in research? Please contact the local privacy officer of your faculty or department.