Thanks to the advent of the digital revolution, coupled with advances in computing power, medical research is becoming increasingly data intensive. Extracting meaningful information from data sets and continuous flood of data is a challenge but holds unparalleled potential for observational studies on, e.g., the use and safety of drugs and rare diseases, epidemiological studies and digital disease detection. At the same time Cloud computing is used for two main reasons in secondary health research: first, to allow large-scale digital health data processing using readily scalable, external infrastructure; and second, to allow the sharing of digital health data with collaborators via a jointly usable IT environment. In this context of the DITAS project (https://www.ditas-project.eu/), to reconcile the often-competing values of data protection and innovation, aims at providing developers with processes and tools for the creation of GDPR compliant data-intensive applications in cloud computing. The aim of this paper is to show how in DITAS context researchers can lawfully further process for research purposes sensitive data originally collected for clinical activity when anonymization (Section 2) and pseudonymization (Section 3) techniques are applied.