The consortium developed ‘Security and Privacy support measures for SurPass v2.0 implementation in clinical research/public health and patient-centred healthcare processes’ (as reported in D3.4). During the PanCareSurPass project, clinics in Austria, Belgium, Germany, Italy, Lithuania and Spain collected and sent data for survivors enrolled in the implementation study to the SurPass v2.0 platform in Italy. The SurPass platform was used to process relevant data for the health-related conditions and treatments received by cancer survivors. Strong data protection measures were needed to make sure that the processed data was safe. Partners considered both European and local data protection regulations in their evaluation of the SurPass platform’s Security and Privacy support measures. Measures conform with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General data protection regulation (GDPR)), in particular Article 25 (principle of privacy by design). Partners ensured that they implemented controls related to security and privacy options, including right exercising and data processing accountability. Activities were identified as necessary for clinics implementing the SurPass, including establishing privacy by design, conducting data protection impact assessments (DPIAs), establishing local training calendars, carrying out program software/system audits and using security tools. 20 recommendations were developed to assure all the requisite of “Privacy by Design and by default”, which ultimately involves complying with the GDPR, were applied on the IT system’s security and personal data protection of the SurPass Platform (CINECA-Italy) and also at each PanCareSurPass clinic site (CCRI/AIT-Austria, KU Leuven-Belgium, UMC-Mainz/UzL-Germany, IGG-Italy, VULSK-Lithuania, HULAFE-Spain).