How GDPR Enhances Transparency and Fosters Pseudonymisation in Academic Medical Research

The European General Data Protection Regulation (GDPR) has dotted the i’s and crossed the t’s in the context of academic medical research. One year into GDPR, it is clear that a change of mind and the uptake of new procedures is required. Research organisations have been looking at the possibility to establish a code-of-conduct, good practices and/or guidelines for researchers that translate GDPR’s abstract principles to concrete measures suitable for implementation. We introduce a proposal for the implementation of GDPR in the context of academic research which involves the processing of health related data, as developed by a multidisciplinary team at the University Hospitals Leuven. The proposal is based on three elements, three stages and six specific safeguards. Transparency and pseudonymisation are considered key to find a balance between the need for researchers to collect and analyse personal data and the increasing wish of data subjects for informational control.