At the University of Cyprus (UCY), we are the technical partners in the Support4Resilience (S4R) project, responsible for developing the S4R Digital Toolbox. As we are not among the empirical partners, our primary focus lies outside the operational realities of the healthcare sector, allowing us to dedicate our efforts entirely to the technical architecture.
Our team includes three active researchers and a professor specializing in privacy, giving us strong knowledge in the areas of privacy and data security.
Privacy-by-Design and GDPR Compliance
For the S4R Toolbox, we have followed the privacy-by-design principle from the very beginning, considering General Data Protection Regulation (GDPR) compliance, data minimization and personal data privacy in every stage of development. This approach ensures that ethical and legal data protection standards are not an afterthought, but an integral part of the design process itself.
GDPR is the main legal framework for data protection in Europe. It establishes clear and strict requirements for how personal data should be processed and protected. Among its most important principles are:
- Transparency: Users must be fully aware of how their data is used.
- Informed consent: Users must explicitly agree to its use.
- Right to erasure: Users can withdraw that consent or delete their data at any time
Data Minimization and Anonymity
Data minimization within GDPR refers to the practice of collecting only the minimum amount of data necessary to achieve a specific purpose, while keeping usability intact. By avoiding unnecessary data collection, systems remain simpler, more efficient, and less vulnerable to privacy breaches.
Anonymous data collection is another core principle, especially within the context of this project.
To illustrate this, consider one of the tools developed within the S4R Toolbox. Tool 1 enables organizational leaders to gain insights into their teams through structured questionnaires covering six key capacities, including work-life balance, learning, and communication. Both leaders and healthcare workers complete the same questionnaire, allowing for a comparison between their perspectives and helping to identify potential areas for improvement within the organization.
How We Guarantee Technical Anonymity
It is essential that healthcare workers feel completely safe to respond truthfully, even in situations where workplace tensions or hierarchical pressures may exist. Ensuring anonymity is therefore critical. No one should be able to identify who submitted a response or when it was completed.
To achieve this, we implemented specific safeguards:
- No Login Requirements: Questionnaires are completed without any user identification.
- No Timestamps: All responses remain fully anonymous, and completion timestamps are never shared.
- Randomized Delays: A time delay may be introduced between the actual completion of a questionnaire and the moment it becomes visible to the leader, further safeguarding respondent’s anonymity.
Why We Excluded Open-Text Responses
In addition, we made the strategic decision not to include open-text responses, even though this feature was initially considered.
Free-text answers, while valuable for qualitative insight, carry a high risk of revealing the respondent’s identity through:
- Writing style.
- Phrasing.
- The use of specific terminology.
Conclusion: A Philosophy of Trust
This focus on privacy and anonymity reflects the broader philosophy of the Support4Resilience project fostering resilience and well-being through ethical, responsible, and secure digital innovation.
By prioritizing data protection and user trust, the S4R Toolbox not only complies with European regulations but also contributes to creating a safer, more transparent, and user-centred environment in healthcare organizations.
Written by: Efi Siapiti, from the University of Cyprus