Data trustee platform with a trust center service on demand
The independent mediator between data providers and data users
Today more than ever, personal data is a resource that needs to be protected. Digitalization is leading to a growing number of services where users are required to provide their data. Data providers expect their sensitive data to be handled with trust. Especially when data is exchanged digitally, it must be protected against manipulation and theft, and the identities of those providing their data must be protected at all times. At the same time, the high requirements of the General Data Protection Regulation (GDPR) must be met.
A data trustee can help to create trust by acting as an independent intermediary between the data provider and the data user. This trustee can take on different tasks: From securing data access and the secure identification of the parties involved in data exchange to organizing access authorizations, right through to data processing which is coordinated with the data providers and users (e.g. pseudonymization, clustering and filtering of data). With CenTrust, Bundesdruckerei GmbH offers a data trustee platform that can be used for various applications.
Exchanging sensitive health data securely with the trust agency service
The so-called trust agency service is a central application of the CenTrust data trustee platform. Data from different sources can be linked and pseudonymized via the trust agency service and then made available to authorized data users. Pseudonymization of the data ensures that no conclusions can be drawn regarding individuals, making it particularly suitable for patient data in the healthcare sector and in research.
Independent – No vested interest in the data
Legally compliant – Meets all data protection requirements (GDPR) at both national and European level
Flexibel – Trust agency service on demand, tailor-made for any project term
Comprehensive – Support throughout the project and assistance when drawing up data protection concepts
Trusted – As the Federal Government’s security company, Bundesdruckerei is a reliable and independent partner
Data exchange notary
Much like a notary, a data trustee is an independent trusted authority that transfers data between the data provider and the data user securely and in compliance with the law. In doing so, the data trustee ensures compliance with the following principles:
- Transparency and sovereignty: The data provider knows exactly who uses or wishes to use their data and when. The data provider decides who is to receive which data.
- Pseudonymization and anonymization: Where necessary, data is pseudonymized or anonymized and made available to users. This ensures that no conclusions can be drawn regarding the respective individual.
- Authorization and access management: Unauthorized persons cannot access the data provider’s data at any time. The authorized data user only receives the data that has been released for this user.
- Monitoring and logging: All activities on the data trustee platform are recorded and monitored. The data provider keeps track of who uses what data and when.
In order for a data trustee to be accepted as an independent institution, especially by data providers, it must be independent vis-à-vis third parties and must not have any vested interest in the data to be managed. Bundesdruckerei GmbH with its data trustee platform CenTrust meets these requirements – with quality and reliability ‘Made in Germany’. That’s because the data is hosted and processed in Bundesdruckerei’s high-security infrastructure. What’s more, we comply with all the requirements of the GDPR both at national and European level.
Data trustee applications
The so-called trust agency service is a central data trustee application. Data from different sources can be linked and pseudonymized via the trust agency service. Data is first pseudonymized before it is made available to authorized data users.
Identity management during the modernization of registers and their interconnection is another data trustee application. The data trustee could also be used in future as a data intermediary under the European Commission’s draft Data Governance Act. This would allow start-ups, for instance, to share their own data via an independent data intermediary or they could benefit from the data collections of other sharing companies or institutions. Especially in medical research, however, data trustees are indispensable when it comes to guaranteeing patients' sovereignty over their data at all times.
Trust agency service for medical research data
The trust agency service is a data trustee application. With its data trustee platform CenTrust, Bundesdruckerei GmbH offers a trusted and reliable trust agency service for medical research data in the eHealth sector. That’s because protecting sensitive personal data in accordance with the GDPR is particularly important, especially when merging health data for medical research. Bundesdruckerei can provide support here to draw up suitable data protection concepts.
Pseudonymization of data for research
In order for patient data to be used for research in a manner that is both secure and legally compliant, research institutions may only receive data that has been pseudonymized. This is the task of the trust agency. Pseudonymization removes all personal information from records that could identify a patient. The name or another identification feature is replaced by a pseudonym – for instance, a character string.
The trust agency then transmits this pseudonymized data to the authorized user where the data can be either used or passed on within the scope of agreements. The institutions receive the information both in a secure and GDPR-compliant manner and only on a need-to-know basis. Only the trust agency can reassign the data to the original data provider. The patient as the data provider retains full control over their data and over who may receive which data.
Trust agency service on demand
Bundesdruckerei offers an on-demand trust agency service. This means that institutions and companies involved in research can use the CenTrust data trustee platform quickly, easily and precisely for any project term. The data is then stored on Bundesdruckerei’s high-security servers and is encrypted in accordance with the current standards of the Federal Office for Information Security (BSI).
Bundesdruckerei GmbH is already successfully supporting medical research projects. We operate a trust center for the Robert Koch Institute (RKI), for instance, acting as a reliable data trustee for the transmission of medical data of HIV patients from 15 different clinics for research purposes. As part of the projects supported by the Innovation Fund of the Federal Joint Committee (G-BA), we support the Germany-wide Multiple Sclerosis Registry with our trust agency service by linking health insurance data with registry data for research purposes. We are also the trust agency for RKI when it comes to digital vaccination rate monitoring for COVID-19 vaccination.
Promoting networked medical research
As the first promoting member of TMF (Technology and Method Platform for Networked Medical Research e. V.), Bundesdruckerei GmbH is keen to improve the quality of collaboration in medical research and to develop model solutions as well as innovative concepts, infrastructures and methods for networked medical research. TMF is making an important contribution to efficient cutting-edge medical research in Germany. Like Bundesdruckerei, the association is committed to the topics of digitalization, data protection, data security and IT networking in the healthcare sector and in health research.
A data trustee is an independent intermediary that transfers data in a secure and legally compliant manner between data providers and third parties (e.g. research institutions, companies, other organizations) that wish to use the data. It secures and organizes access to the data, pseudonymizes, links or processes data, or checks integrity, i.e. the integrity of the data transmitted. In this capacity, the data trustee must always meet and guarantee the high standards of the General Data Protection Regulation (GDPR).
A data trustee enables data providers to retain sovereignty and control over their data. Data providers themselves decide which data is to be passed on or not and to whom. The data trustee warrants that data users can only access data that has been released for them. What’s more, data users can rest assured that they have the consent of the data provider to share their information. Since data trustees have no commercial interest in using the data transmitted, they essentially symbolize neutrality, trust and acceptance.
A data trustee can bring data protection and research together by pseudonymizing patient data and making research data available to research institutions without any reference to individuals. In this way, sensitive data can be handled for research purposes in a manner that complies with data protection and legal requirements.
When pseudonymizing the data, the name or another identification feature is replaced by a so-called pseudonym. This is usually a character string and ensures that the identity of the data provider cannot be determined. The task of pseudonymization is carried out at the trust agency’s data trustee.
Yes, we can assist customers when it comes to drawing up a data protection concept for their project.