What is it? Why is it important?

The General Data Protection Regulation (GDPR) is a European directive that ensures the privacy and protection of personal data.

Personal data includes any personal information from participants such as genetic data, biometric data, health-related data, and data revealing racial or ethnic origin.

In the event of a GDPR breach, significant fines and penalties apply. Thus, appropriate safeguards must be put in place to ensure lawful and transparent data processing.

Participants under the GDPR have eight fundamental rights based on information, access, erasure, restriction of processing, data portability, objection, and object to automated decision making profiling (see further explanations under more)


Under the GDPR, participants from whom personal data have been collected have eight fundamental rights:

1. Information:

Knowledge regarding the kind of data being collected and processed, including the rationale for such processing

2. Access:

Access to their processed data

3. Rectification:

Modify inaccurate or out-dated data

4. Erasure:

Request to have their data deleted (rules and exceptions apply)

5. Restriction of processing:

Limit the processing of their data (rules and exceptions apply)

6. Data Portability:

Request for their data to be transferred to themselves or another controller

7. Objection:

Refuse to their data being used

8. Object to automated decision making and profiling:

Refuse to be the subject of decisions based on automated processing

What do I need to do?

As a SP-INV, consider when including European participants:

  • Extraterritorial applicability:

GDPR applies to all personal data processed from EU participants

  • Privacy:

Its protection starts at the initial design or set-up of the study and lasts throughout the development of defined systems processing personal data

  • Data protection officer:

DPO must be appointed at each study site and remains responsible for the correct processing and handling of personal data

Note GDPR is a challenging topic. Its use and relevance should be well studied and implemented according to data protection demands of a given study.

Where can I get help?

Your local CTU can support you with experienced staff regarding this topic


GDPR – see in particular articles

  • Art. 9 Processing of personal data
  • Art. 13 Information provided to subjects
  • Art. 14 Information provided from personal data not obtained from subjects
  • Art. 15 Right of data access by the subject
  • Art. 16 Right to rectification
  • Art. 17 Right to erasure
  • Art. 18 Right to restriction processing
  • Art. 20 Right to data portability
  • Art. 20 Right to object
  • Art. 22 Automated individual decision making, including profiling
  • Art. 24 Responsibility of the controller
  • Art. 25 Data protection by design and default
  • Art. 37 – 39 The Data Protection Officer
  • Art. 83 – 84 Fines and penalties

Swiss Law

HRA – see in particular chapter and articles

  • Chapter 10: Transparency and data protection
  • Art. 16 Informed Consent
  • CTU – Clinical Trials Unit
  • DPO – Data Protection Officer
  • GDPR – General Data Protection Regulation
Basic ↦ Data Handling ↦ Regulatory Requirements ↦ EU Regulation

Provides some background knowledge and basic definitions

Basic Protocol
Basic Statistics
Basic Monitoring
Basic Drug or Device

Starts with a study idea

Ends after having assessed and evaluated study feasibility

Concept Protocol
Concept Statistics
Concept Drug or Device

Starts with confidence that the study is feasible

Ends after having received ethics and regulatory approval

Development Protocol
Development Statistics
Development Drug or Device

Starts with ethics and regulatory approval

Ends after successful study initiation

Set-Up Protocol
Set-Up Ethics and Laws
Set-Up Statistics
Set-Up Quality and Risk
Set-Up Drug or Device

Starts with participant recruitment

Ends after the last participant has completed the last study visit

Conduct Protocol
Conduct Statistics
Conduct Drug or Device

Starts with last study visit completed

Ends after study publication and archiving

Completion Protocol
Completion Statistics
Completion Drug or Device
Current Path (click to copy): Basic ↦ Data Handling ↦ Regulatory Requirements ↦ EU Regulation

Please note: the Easy-GCS tool is currently under construction.