Data protection

Subscribe to Data protection

Data-driven technologies, particularly artificial intelligence and other complex algorithms, have the potential to enhance patient care and catalyse medical breakthroughs. However, these technologies are heavily reliant on data, which poses challenges in ensuring that patient information is handled in a safe, secure and legally compliant way.

In response to early issues with the deployment of artificial intelligence and other algorithmic tools in healthcare, on 5 September 2018 the UK Department of Health & Social Care (DH) published an Initial Code of Conduct for Developers and Suppliers of Data-driven Health and Care Technology (the Code). The Code is not legally binding but aims to raise standards by establishing best practices.

Continue Reading UK guidance for developers of health care software and technologies

The General Data Protection Regulation (GDPR) entered into force on 25 May 2018 and, in the absence of any transition period, companies are now expected to be in full compliance with the new requirements. However, with key guidance from regulators only recently released or still in progress, and national implementing legislation enacted at the eleventh hour, developing a GDPR-compliant approach to consent in the context of clinical trials remains an ongoing project. This post reviews the guidance available to date.

Continue Reading Clinical trial consents under the EU GDPR: where do we stand?

The General Data Protection Regulation (GDPR) (EU) 2016/679 comes into force on 25 May 2018. It is a substantial change to the EU’s data protection regime, and non-compliance may lead to heavy fines.  On the eve of implementation, Arnold & Porter’s Future Pharma Forum invites you to a roundtable discussion on how life will differ under the new legislation, and key issues that in-house lawyers should be aware of.

Topics

  • A refresher on the GDPR, what it covers and how it applies to life sciences companies
  • An overview of latest guidance and developments in the run up to implementation
  • Discussion of current hot topics / open questions for the life sciences sector

See the website for more information, or sign us here. Hope to see you there!

The new General Data Protection Regulation 2016/679/EU (GDPR), which will apply throughout the EU from 25 May 2018, has strengthened the protection of individuals’ personal data. Data subjects have new rights to help ensure their data are processed securely and with adequate protections (such as the right to erasure of personal data—the “right to be forgotten”—and to data portability), and there are clearer responsibilities and obligations placed on companies using such data (such as the need to appoint a data protection officer and to carry out a data protection impact assessment). Penalties are also substantial: national regulators will have the power to impose fines of up to €20 million or four percent annual global turnover, whichever is the higher.

How these strengthened rights fit with other sector-specific legislation where large quantities of data are collected and processed, such as clinical trials, is currently unclear. Added to this, there are no transitional rules governing how data currently held and being collected will be dealt with once the GDPR becomes applicable. Our recent article discusses some of the implications for clinical trials, focusing on the changes that affect the collection of data from data subjects, and their rights under the GDPR.  It is clear that all organisations should consider their processes in light of the GDPR, and understand the remit of their compliance responsibilities, particularly for trials and data processing that have already started.