Data trustee

from Wikipedia, the free encyclopedia

The data trustee mediates between the data subject and the service provider who processes that person's data. If sensitive personal data is to be processed, the data trustee replaces the identity of the data subject with a pseudonym.

Passing data to the processor under a pseudonym presupposes that the processor needs no further data describing the person's identity. Through anonymization and pseudonymization, the data trustee enforces data avoidance and data economy (see need-to-know principle).

Example from science and research

When patient data is processed for medical research, the identities are anonymized or replaced by pseudonyms in order to protect the patients' personal rights (Pöttgen, 2009). These pseudonyms are managed by the data trustee. The data trustee can also be an electronic data processor, for example a web service.
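The following sketch is an added example, not part of the original article or of any system it cites. It shows one way an electronic data trustee could issue and manage pseudonyms; the keyed hash (HMAC-SHA-256), the class and field names, and the sample records are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed set of identifying fields; a real deployment defines its own.
IDENTIFYING_FIELDS = ("name", "date_of_birth", "insurance_no")

class DataTrustee:
    """Hypothetical trustee: only it holds the key and the identity registry."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)  # never shared with the processor
        self._registry = {}                         # pseudonym -> identifying data

    def _pseudonym(self, identity):
        # Normalise before hashing so spelling variants map to one pseudonym.
        canonical = "|".join(str(identity[f]).strip().lower() for f in IDENTIFYING_FIELDS)
        digest = hmac.new(self._key, canonical.encode("utf-8"), hashlib.sha256)
        return "P-" + digest.hexdigest()[:32]

    def pseudonymize(self, record):
        """Return the record as the processor may see it: pseudonym plus payload."""
        missing = [f for f in IDENTIFYING_FIELDS if f not in record]
        if missing:
            raise ValueError("cannot pseudonymize, missing fields: %s" % missing)
        identity = {f: record[f] for f in IDENTIFYING_FIELDS}
        pid = self._pseudonym(identity)
        self._registry.setdefault(pid, identity)    # keep the first registration
        payload = {k: v for k, v in record.items() if k not in IDENTIFYING_FIELDS}
        return {"pseudonym": pid, **payload}

    def reidentify(self, pseudonym, authorized):
        """Resolve a pseudonym; only the trustee can do this, and only when allowed."""
        if not authorized:
            raise PermissionError("re-identification not authorized")
        return dict(self._registry[pseudonym])

# Constructed sample records (not real patient data).
SAMPLE_RECORDS = [
    {"name": "Erika Mustermann", "date_of_birth": "1964-08-12",
     "insurance_no": "A123456789", "finding": "HbA1c 7.1 %"},
    {"name": " erika mustermann ", "date_of_birth": "1964-08-12",
     "insurance_no": "A123456789", "finding": "HbA1c 6.8 %"},
    {"name": "Max Mustermann", "date_of_birth": "1970-01-30",
     "insurance_no": "B987654321", "finding": "HbA1c 5.4 %"},
]

if __name__ == "__main__":
    trustee = DataTrustee()
    for rec in SAMPLE_RECORDS:
        print(trustee.pseudonymize(rec))
```

The two records for the same person receive the same pseudonym, so the researcher can link findings without seeing who they belong to, while the mapping back to the identity stays with the trustee.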

Further examples

Further examples are donor protection in biobanks, newborn screening, and the central list, which contains the names of over 8,000 HIV-positive people.

If a customer mistrusts foreign cloud services or wants to ensure that his data is treated in accordance with national law (e.g. German information technology law), he can engage a domestic data trustee who ensures that the data is stored and passed on only in accordance with the law applicable in that country.

References

  1. Nicole Pöttgen: Medical research and data protection. Peter Lang Internationaler Verlag der Wissenschaften, 2008, ISBN 978-3-631-58050-9 (google.de [accessed on December 14, 2016]).
  2. Rita Wellbrock, Rainer Metschke: Data protection in science and research. (No longer available online.) Berlin Commissioner for Data Protection and Freedom of Information, Hessian Data Protection Commissioner, archived from the original on December 14, 2016; accessed on December 14, 2016.
  3. Johannes Caspar: 10.1 Advice on data protection law for medical research projects. (No longer available online.) In: 23rd Activity Report 2010/2011. The Hamburg Commissioner for Data Protection and Freedom of Information, archived from the original on August 18, 2012; accessed on December 14, 2016.
  4. Orientation aid: Pseudonymization in medical research. (No longer available online.) In: www.datenschutz-bayern.de. Archived from the original on October 24, 2015; accessed on December 14, 2016.
  5. Christian Dierks: sample contract - electronic data trustee. Retrieved December 14, 2016.
  6. H. Hund H, Graupner, S. Gerth, D. Loßnitzer, C. Fegeler: GMS | GMDS 2012: 57th annual conference of the German Society for Medical Informatics, Biometry and Epidemiology eV (GMDS) | Web service for secure pseudonymization by data trustees. In: www.egms.de. Accessed December 14, 2016.
  7. Wolfgang Zimmermann: Data protection auditing of biobanks. (PDF) (No longer available online.) State Center for Data Protection Schleswig-Holstein, 2008, archived from the original on December 14, 2016; accessed on December 14, 2016.
  8. Handling of data in newborn screening. (No longer available online.) Charité - Universitätsmedizin Berlin, archived from the original on December 14, 2016; accessed on December 14, 2016.
  9. Competence Network HIV / AIDS: Competence Network HIV / AIDS - Data Protection and Patients' Rights. In: www.kompetenznetz-hiv.de. Retrieved December 14, 2016.
  10. A cloud with German data trust, Microsoft, accessed on December 15, 2016.