General Data Protection Regulation
What is it? Why is it important?
The General Data Protection Regulation (GDPR) is a European directive that ensures the privacy and protection of personal data.
Personal data includes any personal information from participants such as genetic data, biometric data, health-related data, and data revealing racial or ethnic origin.
In the event of a GDPR breach, significant fines and penalties apply. Thus, appropriate safeguards must be put in place to ensure lawful and transparent data processing.
Participants under the GDPR have eight fundamental rights based on information, access, rectification, erasure, restriction of processing, data portability, objection, and objection to automated decision making and profiling.
Under the GDPR, participants from whom personal data have been collected have eight fundamental rights:
1. Information:
Knowledge regarding the kind of data being collected and processed, including the rationale for such processing
2. Access:
Access to their processed data
3. Rectification:
Modify inaccurate or out-dated data
4. Erasure:
Request to have their data deleted (rules and exceptions apply)
5. Restriction of processing:
Limit the processing of their data (rules and exceptions apply)
6. Data Portability:
Request for their data to be transferred to themselves or another controller
7. Objection:
Refuse to have their data used
8. Object to automated decision making and profiling:
Refuse to be the subject of decisions based on automated processing
What do I need to do?
As an SP-INV, consider the following when including European participants:
- Extraterritorial applicability:
GDPR applies to all personal data processed from EU participants
Its protection starts at the initial design or set-up of the study and lasts throughout the development of defined systems processing personal data
- Data protection officer:
A DPO must be appointed at each study site and remains responsible for the correct processing and handling of personal data
Note: GDPR is a challenging topic. Its use and relevance should be well studied and implemented according to the data protection demands of a given study.
Where can I get help?
Your local CTU can support you with experienced staff regarding this topic:
Basel, Departement Klinische Forschung, CTU, dkf.unibas.ch
Lugano, Clinical Trials Unit, CTU-EOC, www.ctueoc.ch
Bern, Clinical Trials Unit, CTU, www.ctu.unibe.ch
Geneva, Clinical Research Center, CRC, crc.hug.ch
Lausanne, Clinical Research Center, CRC, www.chuv.ch
St. Gallen, Clinical Trials Unit, CTU, www.kssg.ch
Zürich, Clinical Trials Center, CTC, www.usz.ch
GDPR – see in particular articles
- Art. 9 Processing of personal data
- Art. 13 Information provided to subjects
- Art. 14 Information provided where personal data are not obtained from subjects
- Art. 15 Right of data access by the subject
- Art. 16 Right to rectification
- Art. 17 Right to erasure
- Art. 18 Right to restriction of processing
- Art. 20 Right to data portability
- Art. 20 Right to object
- Art. 22 Automated individual decision making, including profiling
- Art. 24 Responsibility of the controller
- Art. 25 Data protection by design and default
- Art. 37 – 39 The Data Protection Officer
- Art. 83 – 84 Fines and penalties
HRA – see in particular chapter and articles
- Chapter 10: Transparency and data protection
- Art. 16 Informed Consent