Secure data processing in the processing environment
Under the Secondary Use Act, individual-level pseudonymised personal data may only be processed in secure processing environments. Transfers of personal data are carried out via a secure transfer service.
Personal data processed under a Findata data permit is classified as confidential.
In practice, this entails the following obligations:
Individuals must not be re-identified from pseudonymised data under any circumstances.
Datasets must not be copied or saved, for example by photographing them or transferring them outside the processing environment.
The authorised dataset may only be processed by the individuals specified in Findata’s data permit. If there are changes to the research group, the controller must apply for authorisation for new data processors through an amendment permit.
Exporting results from the processing environment
Only anonymous results may be exported from the processing environment. Exporting must take place using procedures provided and controlled by the environment’s service provider.
The anonymisation of results must follow Findata’s anonymisation guidance.
The anonymity of results must be assessed before they are exported. The assessment is based on whether an individual could be identified from the results.
Whenever results are exported from a secure processing environment, Findata must be notified.
The procedure depends on which environment is used: