{"component": "clause", "props": {"groups": [{"size": 16, "snippet": "Personal data is processed in such a way that the data can no longer be assigned to a specific data subject without additional information being provided, given that such additional information is kept separately and is subject to appropriate technical and organisational measures. \u2022 Definition of the pseudonymisation rule, possibly based on personnel, customer or patient identification numbers (use of UUID v4) \u2022 Authorisation: Determination of persons authorised to manage the pseudonymisation process, carry out pseudonymisation and, if necessary, de-pseudonymisation \u2022 Random generation of assignment tables or secret parameters used in an algorithmic pseudonymisation \u2022 Protection of assignment tables or secret parameters, both against unauthorised access and against unauthorised use \u2022 Separation of data to be pseudonymised into identifying information to be replaced and further information", "snippet_links": [{"key": "personal-data", "type": "clause", "offset": [0, 13]}, {"key": "the-data", "type": "clause", "offset": [46, 54]}, {"key": "data-subject", "type": "clause", "offset": [95, 107]}, {"key": "additional-information", "type": "definition", "offset": [116, 138]}, {"key": "given-that", "type": "clause", "offset": [155, 165]}, {"key": "appropriate-technical-and-organisational-measures", "type": "clause", "offset": [231, 280]}, {"key": "definition-of-the", "type": "clause", "offset": [284, 301]}, {"key": "based-on", "type": "clause", "offset": [334, 342]}, {"key": "identification-numbers", "type": "clause", "offset": [374, 396]}, {"key": "determination-of", "type": "clause", "offset": [431, 447]}, {"key": "protection-of", "type": "definition", "offset": [677, 690]}, {"key": "unauthorised-access", "type": "definition", "offset": [744, 763]}, {"key": "unauthorised-use", "type": "definition", "offset": [776, 792]}, {"key": "separation-of-data", "type": "clause", "offset": [795, 813]}, {"key": "identifying-information", "type": "definition", "offset": [839, 862]}, {"key": "further-information", "type": "clause", "offset": [882, 901]}], "samples": [{"hash": "3dYij1DlBxl", "uri": "/contracts/3dYij1DlBxl#pseudonymisation", "label": "Data Processing Agreement", "score": 33.413699353, "published": true}, {"hash": "9BwjdtAw0JE", "uri": "/contracts/9BwjdtAw0JE#pseudonymisation", "label": "Data Processing Agreement", "score": 32.6019297354, "published": true}, {"hash": "4lma7mKwaFE", "uri": "/contracts/4lma7mKwaFE#pseudonymisation", "label": "Data Processing Agreement", "score": 32.4352880747, "published": true}], "hash": "d0ce27e6e2f25a1669f0e9eeba988751", "id": 1}, {"size": 2, "snippet": "Pseudonymisation is not currently applied. The application of pseudonymisation procedures is the responsibility of the client.", "snippet_links": [{"key": "application-of", "type": "clause", "offset": [47, 61]}, {"key": "responsibility-of-the-client", "type": "clause", "offset": [97, 125]}], "samples": [{"hash": "93LyIpG4Wap", "uri": "/contracts/93LyIpG4Wap#pseudonymisation", "label": "Controller/Processor Agreement", "score": 32.9633120263, "published": true}, {"hash": "4fIkmRcorX", "uri": "/contracts/4fIkmRcorX#pseudonymisation", "label": "Controller/Processor Agreement", "score": 30.7624684919, "published": true}], "hash": "93aa4903ea70d87f2df086b990d9880c", "id": 3}, {"size": 3, "snippet": "Every processing operation is to be assessed as to whether its purpose can also be realised without direct personal reference. If this is the case, the processing of personal data is to be performed in a manner such that these data can no longer be associated to a specific data subject without reference to additional information. This additional information is to be stored separately and is itself subject to technical and organisational measures intended to ensure that the personal data cannot be associated to an identified or identifiable natural person.", "snippet_links": [{"key": "processing-operation", "type": "definition", "offset": [6, 26]}, {"key": "the-case", "type": "definition", "offset": [138, 146]}, {"key": "the-processing-of-personal-data", "type": "clause", "offset": [148, 179]}, {"key": "data-subject", "type": "clause", "offset": [274, 286]}, {"key": "reference-to", "type": "definition", "offset": [295, 307]}, {"key": "additional-information", "type": "definition", "offset": [308, 330]}, {"key": "subject-to", "type": "definition", "offset": [401, 411]}, {"key": "technical-and-organisational-measures", "type": "clause", "offset": [412, 449]}, {"key": "to-ensure", "type": "clause", "offset": [459, 468]}, {"key": "the-personal-data", "type": "definition", "offset": [474, 491]}, {"key": "identified-or-identifiable-natural-person", "type": "definition", "offset": [519, 560]}], "samples": [{"hash": "bQIMjAU2q2x", "uri": "/contracts/bQIMjAU2q2x#pseudonymisation", "label": "Data Processing Agreement", "score": 28.3792370307, "published": true}, {"hash": "8Zak2dZO2rw", "uri": "/contracts/8Zak2dZO2rw#pseudonymisation", "label": "Data Processing Agreement", "score": 22.6824093087, "published": true}, {"hash": "6ZqTGmWh78f", "uri": "/contracts/6ZqTGmWh78f#pseudonymisation", "label": "Data Processing Agreement", "score": 22.4770704997, "published": true}], "hash": "6b54675b3e7d3a7eb86b69b8d6747146", "id": 2}, {"size": 1, "snippet": "Pseudonymisation means processing personal data in such a way that the data can no longer be attributed to a specific data-subject without the use of additional information, (e.g. a dataset linking trial identifiers to identified or identifiable persons) provided that such additional information is kept separately and under controlled access, to prevent the data being identifiable in isolation. Though theoretically such information could be used to match against a clinical trial dataset and identify individuals, this would be very difficult in practice and could only occur if there was a major breach of security. Sharing of pseudonymous data is recommended and should be the normal expectation. Clinical trial data is pseudonymous when collected, or can be easily turned into pseudonymous data within the research unit, by processing of the data set and splitting off the identifying data points. It would be rare for trial data to become fully anonymised, or at least not until many years have elapsed after data collection. There are legal obligations on sponsors to maintain the pseudonymised dataset, as collected, for many years, the exact time depending on national regulations. In addition, the original investigators, or their institution, may want to use the pseudonymising key in case they wish to return to the same participants to carry out further investigations (assuming they have the ethical approval and / or explicit consent to do so). The advantage of sharing pseudonymised data is that, if the secondary user discovers good reasons for clarifying, expanding or matching some of the data, or even for further investigations with some of the source population, they can contact the holders of the pseudonymous data and discuss if and how this might be achieved, because the individual participants are still (indirectly) identifiable. This does not mean that identifiable or identifying information would be transferred to a secondary user, unless there was explicit consent from the participant for this to happen (though this seems unlikely to be given). It only means that if a case can be made for identifying the individuals in the data set it is at least possible to discuss the possibilities of doing this, including possibly returning to the individuals concerned to request additional consent.", "snippet_links": [{"key": "processing-personal-data", "type": "definition", "offset": [23, 47]}, {"key": "the-data", "type": "clause", "offset": [67, 75]}, {"key": "specific-data", "type": "clause", "offset": [109, 122]}, {"key": "additional-information", "type": "definition", "offset": [150, 172]}, {"key": "identified-or-identifiable", "type": "definition", "offset": [219, 245]}, {"key": "provided-that", "type": "clause", "offset": [255, 268]}, {"key": "controlled-access", "type": "clause", "offset": [326, 343]}, {"key": "in-isolation", "type": "definition", "offset": [384, 396]}, {"key": "such-information", "type": "definition", "offset": [419, 435]}, {"key": "in-practice", "type": "clause", "offset": [547, 558]}, {"key": "breach-of-security", "type": "definition", "offset": [601, 619]}, {"key": "pseudonymous-data", "type": "definition", "offset": [632, 649]}, {"key": "clinical-trial-data", "type": "definition", "offset": [703, 722]}, {"key": "research-unit", "type": "definition", "offset": [813, 826]}, {"key": "data-set", "type": "clause", "offset": [849, 857]}, {"key": "identifying-data", "type": "definition", "offset": [880, 896]}, {"key": "data-collection", "type": "clause", "offset": [1017, 1032]}, {"key": "legal-obligations", "type": "definition", "offset": [1044, 1061]}, {"key": "to-maintain", "type": "clause", "offset": [1074, 1085]}, {"key": "national-regulations", "type": "clause", "offset": [1171, 1191]}, {"key": "in-addition", "type": "clause", "offset": [1193, 1204]}, {"key": "the-original", "type": "definition", "offset": [1206, 1218]}, {"key": "in-case", "type": "clause", "offset": [1295, 1302]}, {"key": "return-to", "type": "definition", "offset": [1316, 1325]}, {"key": "ethical-approval", "type": "clause", "offset": [1408, 1424]}, {"key": "consent-to", "type": "clause", "offset": [1443, 1453]}, {"key": "pseudonymised-data", "type": "definition", "offset": [1487, 1505]}, {"key": "secondary-user", "type": "definition", "offset": [1522, 1536]}, {"key": "good-reasons", "type": "definition", "offset": [1547, 1559]}, {"key": "source-population", "type": "clause", "offset": [1668, 1685]}, {"key": "holders-of", "type": "clause", "offset": [1708, 1718]}, {"key": "individual-participants", "type": "clause", "offset": [1800, 1823]}, {"key": "identifying-information", "type": "definition", "offset": [1901, 1924]}, {"key": "the-participant", "type": "clause", "offset": [2006, 2021]}, {"key": "to-discuss", "type": "definition", "offset": [2196, 2206]}, {"key": "returning-to", "type": "clause", "offset": [2259, 2271]}, {"key": "to-request", "type": "clause", "offset": [2298, 2308]}, {"key": "additional-consent", "type": "clause", "offset": [2309, 2327]}], "samples": [{"hash": "266sb0XxusQ", "uri": "/contracts/266sb0XxusQ#pseudonymisation", "label": "Grant Agreement", "score": 20.8795345654, "published": true}], "hash": "105eec0136325c11cd93b09a75bb6d14", "id": 8}, {"size": 1, "snippet": "Pseudonymisation is replacement of identifying data with made up values. Pseudonyms can be irreversible, where the original values are properly dis- posed and the pseudonymisation was done in a non-repeatable fashion, or re- versible (by the owner of the original data), where the original values are securely kept but can be retrieved and linked back to the pseudonym, should the need arises. \u2022 How to use it: replace the respective attribute values with made up values. One way to do this is to pre-generate a list of made up values, and randomly select from this list to replace each of the original values. The made up values should be unique, and should have no relationship to the original values (such that one can derive the original values from the pseudonyms). For reversible pseudonyms, the identity database cannot be shared with the recipient; it should be securely kept and can only be used by the organisation to resolve any specific queries (however, the number of such queries must be controlled, otherwise they can be used to \u201cdecode\u201d the entire pseudonymisa- tion). \u2022 ICSM performed reversible pseudonymisation. It is used when data values need to be uniquely distinguished and where no character or any other implied information of the original attribute shall be kept.", "snippet_links": [{"key": "replacement-of", "type": "clause", "offset": [20, 34]}, {"key": "identifying-data", "type": "definition", "offset": [35, 51]}, {"key": "the-original", "type": "definition", "offset": [111, 123]}, {"key": "a-non", "type": "clause", "offset": [192, 197]}, {"key": "by-the-owner", "type": "clause", "offset": [235, 247]}, {"key": "original-data", "type": "definition", "offset": [255, 268]}, {"key": "replace-the", "type": "clause", "offset": [411, 422]}, {"key": "a-list", "type": "definition", "offset": [510, 516]}, {"key": "no-relationship", "type": "clause", "offset": [664, 679]}, {"key": "the-recipient", "type": "definition", "offset": [842, 855]}, {"key": "the-organisation", "type": "clause", "offset": [908, 924]}, {"key": "number-of", "type": "clause", "offset": [971, 980]}, {"key": "information-of", "type": "clause", "offset": [1237, 1251]}], "samples": [{"hash": "aiuH1fy91FU", "uri": "/contracts/aiuH1fy91FU#pseudonymisation", "label": "Grant Agreement", "score": 29.4895925671, "published": true}], "hash": "5fefb01ba9479259aaa6f5793f0edbd3", "id": 9}, {"size": 2, "snippet": "Aliaxis Deutschland GmbH observes the principle of data minimisation. If there is no specific purpose for processing a personal data record, the data record is pseudonymised.", "snippet_links": [{"key": "data-minimisation", "type": "clause", "offset": [51, 68]}, {"key": "specific-purpose", "type": "definition", "offset": [85, 101]}, {"key": "data-record", "type": "definition", "offset": [128, 139]}, {"key": "the-data", "type": "clause", "offset": [141, 149]}], "samples": [{"hash": "6kN5oqIZiSu", "uri": "/contracts/6kN5oqIZiSu#pseudonymisation", "label": "Data Processing Agreement", "score": 26.022587269, "published": true}, {"hash": "5eehnqy9Euf", "uri": "/contracts/5eehnqy9Euf#pseudonymisation", "label": "Data Processing Agreement", "score": 24.8631074606, "published": true}], "hash": "502b22553e3ea503dafb251d6ae5e48b", "id": 4}, {"size": 2, "snippet": "As far as possible, the data will be processed in such a way that it can no longer be assigned to a natural person without the use of additional information. The collection of IP addresses is avoided in system administration and any recorded IP addresses are made anonymous via shortening. Possibility of anonymisation / pseudonymisation by the client", "snippet_links": [{"key": "the-data", "type": "clause", "offset": [20, 28]}, {"key": "natural-person", "type": "clause", "offset": [100, 114]}, {"key": "additional-information", "type": "definition", "offset": [134, 156]}, {"key": "ip-addresses", "type": "definition", "offset": [176, 188]}, {"key": "system-administration", "type": "definition", "offset": [203, 224]}, {"key": "by-the-client", "type": "clause", "offset": [338, 351]}], "samples": [{"hash": "gE0WPNKmT6c", "uri": "/contracts/gE0WPNKmT6c#pseudonymisation", "label": "Data Processing Agreement", "score": 31.5070324737, "published": true}, {"hash": "j4qAqlxatBc", "uri": "/contracts/j4qAqlxatBc#pseudonymisation", "label": "Data Processing Agreement", "score": 29.4759057292, "published": true}], "hash": "b23653a7ffc225946f6c4a0ec162806f", "id": 5}, {"size": 2, "snippet": "If the Personal Data is used for evaluation purposes which can also be fulfilled with pseudonymised data, then pseudonymisation techniques will be used. For each data field, it will be pre-defined whether pseudonymisation needs to be used or not, in order to avoid it being traced back to a particular person. The pseudonymisation key will be stored in a data safe, in order to restrict access as far as possible.", "snippet_links": [{"key": "the-personal-data", "type": "definition", "offset": [3, 20]}, {"key": "evaluation-purposes", "type": "definition", "offset": [33, 52]}, {"key": "pseudonymised-data", "type": "definition", "offset": [86, 104]}, {"key": "data-field", "type": "definition", "offset": [162, 172]}, {"key": "in-order-to", "type": "clause", "offset": [247, 258]}, {"key": "restrict-access", "type": "clause", "offset": [378, 393]}], "samples": [{"hash": "h2R4VFYo4xc", "uri": "/contracts/h2R4VFYo4xc#pseudonymisation", "label": "Contract Processing Agreement", "score": 29.7989151037, "published": true}, {"hash": "j9uvl1nQTJc", "uri": "/contracts/j9uvl1nQTJc#pseudonymisation", "label": "Contract Processing Agreement", "score": 23.2806297057, "published": true}], "hash": "893879bd4e62cc98149b7e9dd96e8e24", "id": 6}, {"size": 2, "snippet": "Assessments must be pseudonymised if the personal reference to the result is not absolutely neces- sary.", "snippet_links": [{"key": "the-personal", "type": "clause", "offset": [37, 49]}, {"key": "reference-to", "type": "definition", "offset": [50, 62]}], "samples": [{"hash": "bf8afRWbbMb", "uri": "/contracts/bf8afRWbbMb#pseudonymisation", "label": "Data Processing Agreement", "score": 23.7214236824, "published": true}], "hash": "3ab1ff6afd33dcbe375e80113fe1ef7b", "id": 7}, {"size": 1, "snippet": "a. The Processor is obliged to process personal data primarily pseudonymized, provided that the provision of services remains possible and is not impaired. This effort must be proportionate to the level of protection that is to be achieved.\nb. Pseudonyms must be created in such a way that personal data is replaced by unique artificial indexes, scrambles or random character strings.\nc. The information to dissolve the pseudonyms shall be encrypted and access shall only be granted to authorised persons of the Processor.", "snippet_links": [{"key": "the-processor", "type": "definition", "offset": [3, 16]}, {"key": "process-personal-data", "type": "definition", "offset": [31, 52]}, {"key": "provided-that", "type": "clause", "offset": [78, 91]}, {"key": "the-provision-of-services", "type": "clause", "offset": [92, 117]}, {"key": "level-of-protection", "type": "clause", "offset": [197, 216]}, {"key": "the-information", "type": "clause", "offset": [388, 403]}, {"key": "granted-to", "type": "definition", "offset": [475, 485]}, {"key": "authorised-persons", "type": "definition", "offset": [486, 504]}], "samples": [{"hash": "lJ7Uyr9YHTZ", "uri": "/contracts/lJ7Uyr9YHTZ#pseudonymisation", "label": "Data Processing Agreement", "score": 22.8453114305, "published": true}], "hash": "905e95aa54e673cb93b95a38a445d22d", "id": 10}], "next_curs": "ClkSU2oVc35sYXdpbnNpZGVyY29udHJhY3RzcjULEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2Ihlwc2V1ZG9ueW1pc2F0aW9uIzAwMDAwMDBhDKIBAmVuGAAgAA==", "clause": {"parents": [["confidentiality", "Confidentiality"], ["final-provisions", "Final Provisions"], ["sundry", "Sundry"], ["technical-and-organisational-measures-\u2587\u2587\u2587-checklist", "Technical and organisational measures (\u2587\u2587\u2587) checklist"], ["right-of-retention", "Right of retention"]], "size": 42, "title": "Pseudonymisation", "children": [["disclosure-control", "Disclosure control"], ["resilience", "Resilience"], ["input-control", "Input control"]], "id": "pseudonymisation", "related": [["contract-database-metadata-elements", "Contract Database Metadata Elements", "Contract Database Metadata Elements"], ["data-encryption", "Data Encryption", "Data Encryption"], ["protocol", "Protocol", "Protocol"], ["technical-and-organisational-measures", "Technical and Organisational Measures", "Technical and Organisational Measures"], ["technical", "Technical", "Technical"]], "related_snippets": [], "updated": "2025-07-07T12:36:18+00:00", "also_ask": ["What are the minimum technical and organizational safeguards required for effective pseudonymisation?", "How can pseudonymisation clauses be drafted to maximize compliance with GDPR and similar regulations?", "What are the main risks if pseudonymisation is incomplete or reversible, and how can these be mitigated?", "How do courts assess whether data is truly pseudonymised versus anonymised in litigation?", "What negotiation leverage exists around the scope and reversibility of pseudonymisation obligations?"], "drafting_tip": "Define pseudonymisation precisely to avoid ambiguity; specify technical and organizational measures to ensure compliance; require regular reviews to maintain data protection effectiveness.", "explanation": "The Pseudonymisation clause defines the process by which personal data is transformed so that it can no longer be attributed to a specific individual without the use of additional information. In practice, this involves replacing identifying fields within a data set with artificial identifiers or pseudonyms, and securely storing the key that links these pseudonyms to real identities separately. This clause is essential for enhancing data privacy and security, as it reduces the risk of unauthorized identification of individuals while still allowing data to be used for analysis or processing."}, "json": true, "cursor": ""}}