On 23 January 2019, the European Data Protection Board (EDPB) adopted an Opinion on the interplay between the Clinical Trials Regulation (CTR), which is likely to become applicable in 2020 (if not later), and the European General Data Protection Regulation (GDPR). The Opinion focusses on an area provoking much discussion since the GDPR came into force; that is, as we discussed in our previous blog, which legal bases under the GDPR are appropriate for processing personal data in the context of clinical trials?


Continue Reading

Data-driven technologies, particularly artificial intelligence and other complex algorithms, have the potential to enhance patient care and catalyse medical breakthroughs. However, these technologies are heavily reliant on data, which poses challenges in ensuring that patient information is handled in a safe, secure and legally compliant way.

In response to early issues with the deployment of artificial intelligence and other algorithmic tools in healthcare, on 5 September 2018 the UK Department of Health & Social Care (DH) published an Initial Code of Conduct for Developers and Suppliers of Data-driven Health and Care Technology (the Code). The Code is not legally binding but aims to raise standards by establishing best practices.


Continue Reading

The General Data Protection Regulation (GDPR) entered into force on 25 May 2018 and, in the absence of any transition period, companies are now expected to be in full compliance with the new requirements. However, with key guidance from regulators only recently released or still in progress, and national implementing legislation enacted at the eleventh hour, developing a GDPR-compliant approach to consent in the context of clinical trials remains an ongoing project. This post reviews the guidance available to date.

Continue Reading

The new General Data Protection Regulation 2016/679/EU (GDPR), which will apply throughout the EU from 25 May 2018, has strengthened the protection of individuals’ personal data. Data subjects have new rights to help ensure their data are processed securely and with adequate protections (such as the right to erasure of personal data—the “right to be