The GDP privacy regulation, also known in the Netherlands as AVG, is based on the minimisation of the number of systems in an institution where personal data is stored. On the other hand, there is the obligation to preserve the possible exposure of researchers to carcinogenic substances (or broader CMR agentia) for 40 years.
How did we reconcile these two contradictory requirements in the Lab Servant?
The answer is found in the pseudonymisation of personal data at a time when an employee or student is no longer connected to the institute for more than a certain period of time, say a year. Pseudonymisation means that all personal details of a person are deleted in the Lab Servant and that the name is replaced by a personnel number (employees) resp. student number (students).
The key between name and number is only known in the corporate employee resp. student administration system.
If after a long time a person reports to the institute with complaints that could result from the exposure to hazardous substances, the HR department can check in the Lab Servant – with the “key” – with which substances the person worked in which lab and during which period. All that information has been stored in the Lab Servant in a pseudonymised manner. The pseudonymisation routine runs every night and processes the persons who are no longer connected to the institute for more than an agreed period.