This document describes the anonymization and upload process for medical imaging (DICOM) and associated clinical data in the ZODIAC Pillar-4 platform.

The system ensures that no identifiable patient data is transferred to or stored on the central platform. All anonymization is performed client-side in the uploader’s web browser before any data leaves the institute’s control.

This guideline is intended for:

• Participating institutes uploading data
• IAEA platform administrators
• Data privacy and security reviewers

It demonstrates compliance with IAEA information security requirements (AM.IV/3), DICOM PS3.15 Basic Application Level Confidentiality Profile principles, and GDPR Recital 26 (anonymized data is not personal data).