9. Compliance Mapping
The following table provides a high-level mapping between the ZODIAC anonymization workflow and relevant privacy, security, and DICOM confidentiality principles. It is intended as supporting information for review and should not be interpreted as a standalone legal assessment.
| Area | ZODIAC control or design feature |
|---|---|
| Client-side anonymization | Original DICOM files and clinical data are anonymized locally in the browser before upload. |
| Data minimization | Only anonymized DICOM files and anonymized clinical metadata selected by the user are uploaded. |
| Local traceability | Mapping and traceability files remain at the participating institute and are not uploaded to the platform. |
| DICOM confidentiality principles | The anonymization profiles are based on configurable handling of DICOM tags, including removal, replacement, or pseudonymization of identifying attributes. |
| Access control | Access to uploaded archive items is controlled through platform authentication, permissions, and archive access rules. |
| Audit support | The interface provides downloadable anonymization and upload logs for local review and audit records. |