Your Easy Guide to Clinical Studies

The General Data Protection Regulation (GDPR) is a European directive that ensures the privacy and protection of personal data.

Personal data includes any personal information from participants such as genetic data, biometric data, health-related data, and data revealing racial or ethnic origin.

Participants under the GDPR have eight fundamental rights based on information, access, erasure, restriction of processing, data portability, objection, and object to automated decision making and profiling (see further explanations under more)

More

As a SP-INV, consider when including European participants or when processing data in a European country:

• Extraterritorial applicability: GDPR applies to all personal data processed from EU participants
• Privacy: Its protection starts at the initial design or set-up of the study and lasts throughout the development of defined systems processing personal data
• Data protection officer (DPO): A DPO must be appointed at each study site and remains responsible for the correct processing and handling of personal data

Note GDPR is a challenging topic. Its use and relevance should be well studied and implemented according to data protection demands of a given study.

References

GDPR – see in particular articles

• Art. 9 Processing of personal data
• Art. 13 Information provided to subjects
• Art. 14 Information provided from personal data not obtained from subjects
• Art. 15 Right of data access by the subject
• Art. 16 Right to rectification
• Art. 17 Right to erasure
• Art. 18 Right to restriction processing
• Art. 20 Right to data portability
• Art. 20 Right to object
• Art. 22 Automated individual decision making, including profiling
• Art. 24 Responsibility of the controller
• Art. 25 Data protection by design and default
• Art. 37 – 39 The Data Protection Officer
• Art. 83 – 84 Fines and penalties