
Anonymization and Pseudonymization in Clinical Trials

Publication date: April 29, 2025

The protection of personal data in clinical trials is one of the most important elements of ensuring the safety and privacy of participants in these trials. Because clinical trials involve the processing of particularly sensitive health data, their conduct requires compliance with strict rules and the use of appropriate technical and organizational measures. Anonymization and pseudonymization are key methods for securing such data, and their proper application is important from both a legal and practical perspective.

The purpose of this article is to discuss the nature of anonymization and pseudonymization, their role in clinical trials, and the regulations governing the processing of personal data in this context. It will also present practical recommendations for data protection, which include minimizing the information collected, access control, security audits, and compliance with the principles of Good Clinical Practice.

Introduction to personal data protection in clinical trials

In the context of personal data, the crucial legal provision is Article 9 of the General Data Protection Regulation. It states that the processing of special categories of personal data, including health data, genetic data and biometric data, is generally prohibited, except when certain conditions are met. In the case of clinical trials, the provisions enabling the processing of data for scientific purposes and in the public interest in the field of public health are of key importance.

According to Article 9(2)(h) of the GDPR, the processing of special categories of personal data may be permissible if it is carried out in the framework of scientific or statistical research, provided that appropriate safeguards are in place, such as anonymisation or pseudonymisation of data. In addition, Regulation (EC) No 1338/2008 of the European Parliament and of the Council, concerning statistics on public health, and specifically Article 7(1), emphasises the need to protect the data of research participants, requiring that all data transferred be processed in a way that prevents their direct identification.

National and European regulations governing the protection of personal data

National regulations

The national regulations include the Polish Act of 10 May 2018 on the Protection of Personal Data, which is an act implementing the GDPR into the Polish legal system; it regulates organizational issues related to the functioning of personal data protection authorities and their application. Another legal act is the Polish Act of 6 September 2001 on the Pharmaceutical Law, which regulates the conduct of clinical trials in Poland. It requires study organizers to apply appropriate procedures to ensure the security and confidentiality of personal data of study participants.

It is worth citing here Article 37b of the previously mentioned Act:

“1. Clinical trials, including bioavailability and bioequivalence studies, are planned, conducted, monitored and reported in accordance with the requirements of Good Clinical Practice.

2. A clinical trial shall be conducted taking into account that the rights, safety, health and well-being of the participants in the clinical trial take precedence over the interests of science and society”.

In the second point of the aforementioned provision, which regulates the principles of conducting clinical trials, the primacy of the rights, safety, health and well-being of research participants over the scientific or social interest is clearly emphasized. To ensure this protection, the following part lists specific requirements that must be met when planning and conducting clinical trials.

Another act is the regulation of the Minister of Health on Good Clinical Practice, which specifies the standards for conducting clinical trials in Poland, including requirements for the storage and processing of personal data, and additionally imposes the obligation to use solutions ensuring confidentiality and access only to those authorized to participate in the clinical trial.

European regulations

European regulations governing the protection of personal data in clinical trials constitute a coherent legal system, which includes both general principles of personal data protection and detailed regulations concerning the conduct of clinical trials. Key legal acts in this area are GDPR, Regulation (EU) No 536/2014 of the European Parliament and of the Council and Regulation (EC) No 1338/2008 of the European Parliament and of the Council.

The General Data Protection Regulation (GDPR, EU 2016/679) is the basic legal act of the European Union on the protection of personal data, which has been in force since 25 May 2018. Article 9 of the GDPR prohibits the processing of special categories of personal data, including health data, unless certain conditions are met. Regulation (EU) No 536/2014 of the European Parliament and of the Council harmonises the rules on the conduct of clinical trials throughout the European Union, with particular regard to the safety of participants and the protection of their personal data. Regulation (EC) No 1338/2008, the last of the acts listed above, ensures high quality statistics on public health and occupational safety throughout the European Union.

Anonymization and pseudonymization – definitions and differences

Definition and role of data anonymization

In the context of personal data protection, anonymization is one of the most important methods of securing data processed for various purposes, including clinical trials. Anonymization itself involves processing personal data in such a way that it is completely impossible to identify the person whose data it concerns. It is worth remembering that the key feature of anonymization is its irreversibility. Once this process is carried out correctly, the data ceases to be considered personal data, which means that it is no longer subject to the provisions on the protection of personal data resulting from the GDPR.

In practice, anonymization is used to protect the privacy of individuals participating in clinical trials, as well as in statistical analyses and public health reporting. Data that has been anonymized can be safely used in research and decision-making without violating the privacy of the individuals to whom it originally related.

Data anonymization methods

Anonymization of data involves transforming it in such a way that identification of the person to whom it relates is impossible. In clinical trials, the use of effective anonymization methods is crucial to protecting the privacy of participants. The most commonly used methods are:

  • Data masking – replacing real values with fictitious data that looks realistic but has no connection to a specific person. Masking is an irreversible process, meaning the original data cannot be recovered.
  • Hashing – converting data into fixed-length digests (hashes) using mathematical functions. This process is irreversible, so it is often used to anonymize identifiers such as patient numbers.
  • Randomization – adding random changes to data to prevent it from being linked to specific individuals. This method is used to anonymize numerical data.
  • Generalization – replacing specific data with more general equivalents. For example, an exact date of birth can be replaced with a year of birth, greatly reducing the risk of identification.

The use of effective anonymisation in clinical trials is extremely important because it allows the processing of sensitive data without the risk of violating personal data protection principles, while enabling reliable scientific analyses.

Pseudonymisation as a technical measure for data protection

Pseudonymization is a way of processing personal data that involves replacing identifiers that allow direct identification of a person with substitute data, such as serial numbers or randomly generated codes. Unlike anonymization, pseudonymization is a reversible process – using the appropriate key, it is possible to recreate the original data. For this reason, pseudonymized data is still treated as personal data and is subject to the provisions of the GDPR. Pseudonymization plays an important role in the protection of personal data, especially in the context of minimizing the risk of violating the privacy of clinical trial participants. By using this method, it is possible to limit access to sensitive data only to authorized persons, which increases information security and allows for its further processing in a lawful manner.

Pseudonymization methods include secret key encryption, which transforms data into a form that is unreadable to those who do not have the appropriate decryption key. The key must be stored in a secure place, separate from the encrypted data, which provides an additional level of protection. Another method is tokenization, which involves replacing real data with randomly generated tokens that have no connection with the original data. Tokens can be used in place of the original data, allowing them to be processed securely in IT systems without the risk of disclosing personal data. The last method is data masking, which involves hiding parts of the data in order to prevent their identification by unauthorized persons. For example, in an email address, only the initial and final letters can be left visible, masking the remaining characters.
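The methods named in the two lists above (hashing, tokenization, masking, generalization), applied in Python to one constructed participant record. This is an added example, not code from the article; the field names, the `TokenVault` class and the choice of HMAC-SHA256 as a keyed form of hashing are assumptions of the example.

```python
import hashlib
import hmac
import secrets
from datetime import date

# Constructed sample record; every value is made up for this example.
RECORD = {
    "patient_id": "PL-000123",
    "email": "jan.kowalski@example.org",
    "birth_date": date(1984, 7, 19),
    "systolic_bp": 132,
}


def keyed_pseudonym(patient_id, key):
    """Keyed hashing: stable per patient, not recomputable without the key."""
    return hmac.new(key, patient_id.encode(), hashlib.sha256).hexdigest()[:16]


class TokenVault:
    """Tokenization: the lookup table is the key and is stored separately."""

    def __init__(self):
        self._token_by_id = {}
        self._id_by_token = {}

    def tokenize(self, patient_id):
        if patient_id not in self._token_by_id:
            token = secrets.token_hex(8)  # random, unrelated to the identifier
            self._token_by_id[patient_id] = token
            self._id_by_token[token] = patient_id
        return self._token_by_id[patient_id]

    def reidentify(self, token):
        """Reversal step, available only to whoever holds the vault."""
        return self._id_by_token[token]


def mask_email(email):
    """Masking: leave only the first and last characters visible."""
    if len(email) <= 2:
        return "*" * len(email)
    return email[0] + "*" * (len(email) - 2) + email[-1]


def generalize_birth_date(birth_date):
    """Generalization: exact date of birth reduced to year of birth."""
    return birth_date.year


def pseudonymize(record, vault):
    """Build the record handed to researchers; measurements pass through."""
    return {
        "subject_token": vault.tokenize(record["patient_id"]),
        "email": mask_email(record["email"]),
        "birth_year": generalize_birth_date(record["birth_date"]),
        "systolic_bp": record["systolic_bp"],
    }
```

The output of `pseudonymize` is still personal data as long as the vault (or the HMAC key) exists, which is why both belong in a separate, access-controlled store.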

Comparison of anonymization and pseudonymization – legal and practical consequences

Anonymization and pseudonymization differ not only in the way data is processed, but above all in the legal and practical consequences of their use. The key difference is that anonymization is an irreversible process, while pseudonymization allows the original data to be recreated using the appropriate key.

From a legal perspective, anonymization completely excludes data from the GDPR regulations, because after the process is successfully carried out, the data is no longer considered personal data. This means that the organization that carried out the anonymization is not obliged to apply the provisions on the protection of personal data, such as the obligation to provide information or implement protection measures. In practice, however, anonymization has its limitations – the impossibility of reproducing the data means that it cannot be used in situations requiring later identification of the person, e.g. to provide additional research results to the participant.

Pseudonymisation, while reducing the risk of data breaches, does not exempt organisations from complying with the GDPR. Pseudonymised data is still considered personal data, which means that the controller must ensure appropriate safeguards, such as access control, encryption and storing the pseudonymisation key in a separate, secure location. In practice, pseudonymisation enables further processing of data while maintaining its usability, e.g. in clinical trials, where it is important to maintain the possibility of re-contacting participants or providing them with additional information.

From a practical perspective, anonymization is preferred when the purpose of processing is solely statistical analysis or reporting results, because it eliminates the risk associated with identifying individuals. Pseudonymization, on the other hand, is used where personal data must be processed in a way that ensures their security but at the same time allows for identification if required. In clinical trials, pseudonymization is particularly important when participant data must be processed by different entities, such as research sponsors, scientific units or pharmaceutical companies, while maintaining a high level of privacy protection.

Recommendations for data protection in clinical trials

Data Minimization and Access Control

The principle of data minimization is one of the fundamental approaches to protecting privacy and information security, especially in the era of big data, where the amount of collected data is growing at a rapid pace. It consists in limiting the collected, stored and processed personal data to the absolute minimum required to achieve specific purposes. This reduces the risk of privacy violations and potential data leaks.

In clinical trials, data minimization is particularly important due to the sensitivity of the information being processed, such as participants’ health data. Collecting only the data that is necessary to conduct the research reduces the risk of violating participants’ privacy and limits the possibility of unauthorized use of excess information.

Access control involves limiting the ability to process data to those who need it in connection with the performance of their duties, usually professional ones. When clinical trials are involved, it should be remembered that personal data of participants should be accessible only to authorized personnel.

In practice, this control primarily means user authorization, i.e. granting access rights based on the role and scope of responsibility within the research team. Two further measures are data encryption, i.e. the use of tools that encrypt both stored and transmitted data, which effectively prevents them from being read by unauthorized persons, and the registration and monitoring of access, i.e. the implementation of mechanisms that record all attempts to access data, together with taking action when unauthorized operations are detected.

The application of the data minimization principle combined with effective access control significantly reduces the risk of unauthorized processing of personal data and increases compliance with legal regulations, in particular with the requirements of the GDPR. In clinical trials, this approach not only protects the data of participants, but also builds their trust in the organizers of the study, which is essential for the proper conduct of the research process.

Security audits and staff training

Data security audits are a key element in ensuring compliance with legal regulations and the protection of sensitive information. Regular audits allow for the identification of security gaps, assessment of the effectiveness of the security measures used and compliance with applicable regulations, such as GDPR. In the context of clinical trials, where special categories of data are processed, conducting audits allows for ongoing monitoring of the security of systems processing data of study participants.

During the audit, the following are checked, among others:

  • Access management procedures – auditors assess whether access to data is limited to authorized persons only, and whether appropriate user authorization and authentication mechanisms are used.
  • Technical security – the audit includes verification of the security measures used, such as data encryption, intrusion detection and prevention systems, and event monitoring and recording mechanisms.
  • Compliance with legal regulations – compliance of security policies with national and EU regulations, including GDPR requirements, is checked.

It is also important to train staff on data security and protection during a clinical trial. Such training should include the principles of secure processing of personal data and protection of confidential information, recognizing potential threats such as phishing or social engineering attempts, and procedures for responding to security incidents and reporting breaches.

Principles of good clinical practice

A good place to start is with “ICH GCP”. This is a standard for the design, conduct, execution, monitoring, auditing, recording, analysis and reporting of clinical trials, which ensures that the data and reported results are reliable and accurate and that the rights, integrity and confidentiality of trial participants are protected. This document is an integral part of clinical research work, ensuring the consistency and quality of clinical trials.

The application of the principles of Good Clinical Practice ensures transparency, ethics and credibility of clinical trial results. Thanks to GCP, trial participants are guaranteed protection of their rights and safety, and the obtained results can be recognized by regulatory authorities worldwide. In addition, compliance with GCP principles increases trust in the research process among both participants and the scientific community and supervisory institutions.

When it comes to the basic principles of clinical practice, we can distinguish:

  • Protection of study participants

GCP requires that the rights and welfare of participants take precedence over scientific or social interests. Each participant must give informed consent to participate in the study, after having been fully informed about its purpose, course, potential benefits and risks.

  • Compliance with the study protocol

All clinical trials must be conducted in accordance with a previously approved study protocol that details the study objectives, methodology, participant inclusion and exclusion criteria, and how data will be analyzed.

  • Monitoring and quality control

GCP requires monitoring of studies to ensure they comply with the protocol, standard procedures, and legal regulations. Monitoring includes, among other things, checking the data collection process and compliance with ethical principles by research personnel.

  • Research documentation

All data and information related to the study must be carefully documented and stored in a way that allows for later verification. This applies to both participant data and operational documentation such as monitoring reports or participant consents.

  • Compliance with legal regulations

GCP requires that all clinical trials be conducted in accordance with applicable national and international laws, including data protection regulations such as GDPR.[1]

Summary

In clinical trials, the protection of participants’ personal data is a priority, and its implementation requires compliance with both national and European regulations. The use of appropriate protection methods, such as anonymization and pseudonymization, minimizes the risk of violating the privacy of participants and allows for the lawful processing of sensitive data.

Anonymization provides complete protection of data by irreversibly transforming it, so that it is no longer considered personal data. Pseudonymization, on the other hand, allows further processing of data while limiting access to information that identifies a person, which is useful in situations where the possibility of later identification of the participant is required.

Applying data minimization principles, effective access control and regular security audits are essential to ensure compliance with legal requirements and protection of research participant data. Adhering to the principles of Good Clinical Practice additionally ensures that research is conducted in an ethical manner, in accordance with international standards and regulations, which builds trust in the entire research process.


[1] Harmonized ICH GCP Principles, Good Clinical Practice Principles
