Anonymization

It may be necessary to retain data in a non-anonymized form. Therefore, researchers are invited to revisit a key question: Do I still need to preserve my non-anonymized data? 

Based on the individual researcher’s assessment and on the outcomes of the risk assessment, a decision must be made. Researchers should therefore return to their Data Management Plan (DMP), which includes the risk assessment, and use it to explicitly document and justify this choice. The researcher bears responsibility for clearly stating whether non-anonymized data need to be preserved and for explaining why. One possible justification may relate to the need to verify or reassess research findings after a certain period. For example, if original data have been used to produce specific observations, their retention may be necessary to evaluate the continued validity of the analysis in light of changing socio-political contexts. It is essential to keep a clear record of the entire reflection process underlying this decision, as it may be subject to subsequent review or audit.  

If a non-anonymized version is not required, only the anonymized version of the data could be preserved. 

When the answer to this question differs from what was declared in the data management plan, the plan must be updated accordingly. Archiving decisions should always remain aligned with the data management plan and its stated purposes. 

Researchers should also reflect on the long-term effectiveness of the chosen anonymization technique. Anonymization should not only be adequate at the time of archiving but also remain robust over time, ensuring that individuals cannot be re-identified. 

Ideally, this reflection leads to a reassuring conclusion: the anonymization already performed continues to be effective over time. When this is the case, preservation practices can proceed with greater confidence, balancing data protection, research integrity, and long-term reuse.