9. Compliance Mapping

The following table provides a high-level mapping between the ZODIAC anonymization workflow and relevant privacy, security, and DICOM confidentiality principles. It is intended as supporting information for review and should not be interpreted as a standalone legal assessment.

Area ZODIAC control or design feature
Client-side anonymization Original DICOM files and clinical data are anonymized locally in the browser before upload.
Data minimization Only anonymized DICOM files and anonymized clinical metadata selected by the user are uploaded.
Local traceability Mapping and traceability files remain at the participating institute and are not uploaded to the platform.
DICOM confidentiality principles The anonymization profiles are based on configurable handling of DICOM tags, including removal, replacement, or pseudonymization of identifying attributes.
Access control Access to uploaded archive items is controlled through platform authentication, permissions, and archive access rules.
Audit support The interface provides downloadable anonymization and upload logs for local review and audit records.