Balancing Innovation and Regulation: Algorithms and GDPR Compliance in Data Processing
HAMDAR, KARIM EUGENIO
2024/2025
Abstract
As the healthcare sector increasingly relies on digital data to drive research and innovation, new tensions have emerged between the imperative to leverage information and the obligation to safeguard individual privacy. This thesis explores the intersection between data processing methodologies and the legal framework established by the General Data Protection Regulation (GDPR), with a specific focus on the anonymization of clinical datasets. The analysis begins with an examination of the GDPR's core principles and its impact on data governance, followed by a detailed investigation of the legal requirements of the data processing pipeline and the regulatory challenges associated with each phase. Particular attention is devoted to the transformation phase, where anonymization techniques play a crucial role in mitigating re-identification risks. Building on this foundation, the thesis evaluates a set of anonymization methods (k-anonymity, l-diversity and t-closeness), highlighting their theoretical underpinnings and their legal compatibility with GDPR standards. To complement the theoretical analysis, an experimental framework is developed and applied to a synthetic clinical dataset. Three widely cited anonymization algorithms are implemented and assessed along three dimensions: privacy protection, data utility and GDPR compliance. The results offer a comparative perspective on the practical performance and regulatory adequacy of different anonymization approaches, contributing to the ongoing discourse on privacy-preserving data publishing in the healthcare domain. Ultimately, the thesis aims to provide guidance on how to balance innovation and legal responsibility when processing sensitive personal data.

| File | Size | Format |
|---|---|---|
| Hamdar_Karim_Eugenio.pdf (restricted access) | 428.39 kB | Adobe PDF |
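The abstract names the three privacy models the thesis evaluates on a synthetic clinical table but, being an abstract, does not show what "assessing privacy protection" means in practice. The following is an added example, not code from the thesis or its author: it takes a small constructed clinical table, applies one generalisation step of the kind used in the transformation phase (age bands, truncated postcodes), and then measures the k, l and t the released table actually achieves. All records, attribute names and thresholds are constructed for illustration; the third equivalence class is deliberately homogeneous so that the homogeneity weakness of k-anonymity alone shows up as l = 1.

```python
"""Measure k-anonymity, l-diversity and t-closeness of a released table.

Added example, not part of the thesis. The raw rows, the quasi-identifier
choice (age, postcode, sex) and the sensitive attribute (diagnosis) are all
constructed for illustration.
"""
from collections import Counter, defaultdict

# Constructed raw clinical rows: (age, postcode, sex, diagnosis).
RAW = [
    (24, "35121", "F", "flu"),
    (27, "35128", "F", "asthma"),
    (22, "35131", "F", "flu"),
    (31, "35200", "M", "diabetes"),
    (35, "35214", "M", "diabetes"),
    (38, "35209", "M", "diabetes"),
    (44, "35310", "F", "flu"),
    (47, "35322", "F", "cancer"),
]
QI = ("age_band", "zip_prefix", "sex")   # quasi-identifiers after generalisation
SENSITIVE = "diagnosis"


def generalise(raw_rows):
    """Transformation phase: replace exact age by a 10-year band and keep only
    the first three postcode digits. Sex and diagnosis are left unchanged."""
    released = []
    for age, postcode, sex, diagnosis in raw_rows:
        low = (age // 10) * 10
        released.append({
            "age_band": f"{low}-{low + 9}",
            "zip_prefix": postcode[:3],
            "sex": sex,
            SENSITIVE: diagnosis,
        })
    return released


def equivalence_classes(rows, qi=QI):
    """Group rows that share the same quasi-identifier values."""
    classes = defaultdict(list)
    for r in rows:
        classes[tuple(r[a] for a in qi)].append(r)
    return classes


def k_anonymity(rows, qi=QI):
    """The k actually achieved: size of the smallest equivalence class."""
    return min(len(c) for c in equivalence_classes(rows, qi).values())


def l_diversity(rows, qi=QI, sensitive=SENSITIVE):
    """Distinct l-diversity: fewest distinct sensitive values in any class.
    l == 1 means some class is homogeneous (every member has the same diagnosis)."""
    return min(len({r[sensitive] for r in c})
               for c in equivalence_classes(rows, qi).values())


def t_closeness(rows, qi=QI, sensitive=SENSITIVE):
    """Worst-case distance between a class's sensitive-value distribution and the
    whole table's. For a categorical attribute with unit ground distance the
    earth mover's distance equals total variation: 0.5 * sum of |p_i - q_i|."""
    overall = Counter(r[sensitive] for r in rows)
    n = len(rows)
    worst = 0.0
    for c in equivalence_classes(rows, qi).values():
        local = Counter(r[sensitive] for r in c)
        m = len(c)
        dist = 0.5 * sum(abs(local[v] / m - overall[v] / n) for v in overall)
        worst = max(worst, dist)
    return worst


def assess(rows, k_min=2, l_min=2, t_max=0.5):
    """Report the achieved k, l, t and whether each meets a chosen threshold.
    The thresholds are illustrative defaults, not values from the thesis."""
    k, l, t = k_anonymity(rows), l_diversity(rows), t_closeness(rows)
    return {
        "k": k, "l": l, "t": t,
        "k_ok": k >= k_min,
        "l_ok": l >= l_min,
        "t_ok": t <= t_max,
    }


if __name__ == "__main__":
    for key, value in assess(generalise(RAW)).items():
        print(f"{key:5} {value}")
```

On the constructed table the generalisation yields three equivalence classes of sizes 3, 3 and 2, so the release is 2-anonymous, but the all-"diabetes" class makes it only 1-diverse and pushes t-closeness to 0.625; this is exactly the gap between "k-anonymous" and "safe to publish" that motivates evaluating the three models together rather than k-anonymity alone.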
The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License
https://hdl.handle.net/20.500.12608/84783