**Possible reasons**

• Hackers

• Careful handling of samples

*Risk Management and Assessment*

**Possible reasons**

**Possible consequences**

• Action of affected patients

**Possible coping strategies**

software components

• Regular staff training

*samples*

• Lack of time

• Lack of staff

• Image loss

• Scandalization

procedure

**92**

**Possible consequences**

**Possible coping strategies**

**Possible reasons**

anonymization by data custodians

• Image loss

• Expanding of personnel resources

• Detailed information about shipping conditions and requirements

*4.2.2.6 Incomplete pseudonymization and anonymization of process-related data*

• Design or implementation errors of the used pseudonymization software

• Continuous scientific testing and validation of data protection measures and

• Externalization of parts of this risk through outsourcing of pseudonymization/

*4.2.2.7 Insufficient informed consent discussion of the medical doctor for collection of*

• Complaints because of inadequate informed consent discussions

• Training of medical doctors according to informed consent Standard Operation

• Negligent breach of data protection regulations of biobank staff

• Sanctions because of breach of data protection law


#### **Possible consequences**

