PATIENT DATA
MANAGEMENT
UNDER THE GDPR
8TH ANNUAL EU MEDICAL DEVICE
CLINICAL RESEARCH
6 November 2015
Erik Vollebregt
www.axonadvocaten.nl
General Data Protection Regulation
The current EU system is:
• Fragmented
• Outdated
• Unclear
Proposal for a new framework:
The General Data Protection Regulation.
• Regulation: direct effect in
member states (no national
legislation except
implementation)
• Requires significant work by
mHealth companies to implement
Looks to be finished end of 2015 –
in force 2016?
GDPR: threatening healthcare
GDPR: interfaces
Dependencies with other legislation on security and data breaches
• e-Privacy directive (2002/58)
• NIS directive (in trilogue)
GDPR – when?
Background
• Proposed new General Data Protection Regulation on clinical
investigations and clinical data
• In Vitro Diagnostics Regulation
• Medical Devices Regulation
• To address national inconsistencies, each of the new laws will be a
Regulation rather than a Directive. While this is intended to harmonise
the approach to these issues, it will increase the compliance burden and
increase uncertainty
• Impact
• Practical preparations for the draft Regulations
Overview of Data Protection
• Significant Changes in Data Protection Regulation
• Consent
• Research
• Administratively burdensome bureaucracy
• Fines
• Collateral damage: ‘Potentially catastrophic’ effects on biobanks,
registries, personalised medicine, e-health and the development of new
therapies
• What we hate in marketing and social media, we actually want in
health care
• further processing, monitoring, profiling, predictions,
traceability, secondary processing
• Innovative and/or long-term uses of personal data are problematic
• known unknowns and unknown unknowns
• International transfers and sharing of personal data
What is the same
• “Personal Data” remains a cornerstone
• Reasonable likelihood of identification of an individual remains a dynamic test
– probably
• Data can still become “personal” as a result of technological or other reasons
(mosaicing)
• Privileged status of “data concerning health” (and data re racial or
ethnic origin) requires extra care
• Consent to processing (and purpose limitation) remains a cornerstone
• Capacity to consent remains a matter of national law
• Focus remains on each act of processing personal data rather than the
collection or holding of data. The data controller must verify that there is a
legitimate basis for the processing
• Even anonymising or pseudonymising data = processing
• Export of personal data outside EEA only permissible with adequate level
of protection
What Changes (or is clarified) (1)
• “Personal data” Likelihood of identification of data subject
• Deleted qualifier “by means reasonably likely” (but this may come back)
• Added a definition of “pseudonymisation” which appears to mean that
pseudonymised data remains personal data regardless of the number and
nature of steps taken to key code
• Consent requirements/invalidation
• Broad consent and “opt-out” consent explicitly rejected
• Biological samples should be considered identifiable data
• Definitions of Genetic data and Biometric data
• Scope of the Research derogation under threat
What Changes (or is clarified) (2)
• Data Protection becomes a fundamental right
• Access Rights
• Impact Assessments required
• Data Protection Officers
• Right to compensation for non-compliant processing
• Fines
• staggered fines for violations depending on severity up to € 1 mio / 2%
worldwide annual turnover but final percentage / threshold still under
debate (may go up to 5%)
Consent: Validity & Purpose
Limitation
• To be valid, consent to the processing of personal data must:
• be freely given, specific, informed and explicit
• be a clear affirmative action (no opt-outs)
• The use of default options which the data subject is required to modify to
object to the processing, such as pre-ticked boxes, does not express free
consent.
• cover all processing activities carried out for the same purpose.
• Once the original purpose ends, data subject must re-consent/ re-affirm.
• Consent shall be purpose-limited and shall lose its validity when the
purpose ceases to exist or as soon as the processing of personal data is
no longer necessary for carrying out the purpose for which they were
originally collected.
• Where the conclusion of the intended purpose is unclear, the controller
should in regular intervals provide the data subject with information about
the processing and request a re-affirmation of their consent.
Consent by persons lacking legal
capacity
• What is the best approach to re-consent from a person who loses capacity
as a result of a degenerative condition?
• Broad consent before the data subject loses capacity?
• Power of Attorney (or equivalent) before the data subject loses
capacity?
• “Delegated” or “surrogate” consent?
• Consent to such processing as is approved by the Registry’s Ethics
Committee (in line with Helsinki Declaration)
Impact Assessment: Art 33
• Data controller must conduct impact assessments on the rights and
freedoms of the data subjects, especially their right to protection of personal
data when processing:
• [personal data relating to more than 5000 data subjects during any consecutive
12-month period;]
• “special categories of personal data” - personal data revealing race or ethnic
origin; genetic or biometric data or data concerning health or sex life;
• [location data or data on children in large scale filing systems]; or
• personal data for the provision of health care, epidemiological research, or
surveys of mental or infectious diseases, where the data are processed for
taking measures or decisions regarding specific individuals on a large scale.
• The good news is that a single assessment may suffice for similar
processing operations that present similar risks.
• The bad news is that the exact methodology will be implemented by
delegated act
Mandatory Data Protection Officer
(35)
• The data protection officer should have at least the following qualifications:
• extensive knowledge of the substance and application of data protection law,
including technical and organisational measures and procedures;
• mastery of technical requirements for privacy by design, privacy by default and
data security;
• industry-specific knowledge in accordance with the size of the controller or
processor and the sensitivity of the data to be processed;
• the ability to carry out inspections, consultation, documentation, and log file
analysis; and
• the ability to work with employee representation.
• The controller should enable the data protection officer to take part in advanced
training measures to maintain the specialized knowledge required to perform his or
her duties.
• The designation as a data protection officer does not necessarily require full-time
occupation of the respective employee.
Consent: Procedural aspects
• To be valid, consent to the processing of personal data must:
• be separated from other matters (eg consent to treatment)
• If the data subject's consent is given in the context of a written declaration
which also concerns another matter, the requirement to give consent must
be presented clearly distinguishable in its appearance from this other
matter. Provisions on the data subject’s consent which are partly in
violation of this Regulation are fully void.
• comply with national laws if given on behalf of a child or someone lacking
capacity
• In case of a child or a person lacking legal capacity, relevant Union or
Member State law should determine the conditions under which consent is
given or authorised by that person.
Scenarios re Validity of Consent
• Status of valid consent given under the existing DP Directive?
• Valid if consent was a condition of entry into a clinical investigation?
• Not freely given if the data subject would suffer detriment by refusing or
withdrawing consent
• Will consent given in a clinical investigation of product X be valid if it leads
to a new product Y?
• What if X was a HPV diagnostic and Y a new “morning after” pill?
• Valid when given by a patient to a doctor (power imbalance)?
• Valid if given in a single document with the consent to treatment?
• Valid if given in the same consultation as the consent to treatment?
• What if consent will skew (or invalidate) the results of the study?
Consent in the context of a clinical
trial
• Difficult to be certain that consent obtained in a clinical context (trial,
investigation or other) will satisfy data protection requirements
• Consent ceases to legitimise once processing is no longer necessary
• Secondary purposes must be compatible with the original purpose or
“re-consent”
• Consent rigor makes these derogations more important:
• Medical treatment privilege - Article 81(1)(a)
• Public health purposes – Article 81(1)(b)
• Genetic data – Article 81a
• Research Purposes – Article 83
• Parliament, Commission and Council vary considerably in position on
derogations
Derogations from consent
requirement
• In the absence of explicit consent, unless the processing is necessary to
protect the vital interests of the data subject, processing of sensitive data
concerning health is only permitted for:
• tasks carried out in the substantial public interest;
• health purposes subject to the conditions and safeguards (e.g.
obligations of professional secrecy); or
• scientific research subject to the adequate legal safeguards.
• When relying on derogation, should still disclose the possible or proposed
processing in the interests of “fairness” (a fundamental Data Protection
Principle)
Medical treatment derogation
Derogation for Research
Purposes
• Commission, Parliament and Council propose different standards for
the derogation
• Export of personal data outside Europe for research purposes probably
requires explicit consent or other derogations – no recognition of the
value of international research
Derogation for Research
Purposes
Confusion about
pseudonymisation
Council recital
Confusion about
pseudonymisation
• Definition of a
pseudo-category of
personal data without
clarity on what
standards apply
Exporting personal data
• Can only transfer personal data outside the EEA:
• to a country whose DP laws have been approved by the EC; or
• if there is an adequate level of protection for the rights of data subjects
• The United States does not offer “adequate protection”
• The data controller may:
• carry out his own assessment of the adequacy of the protection
• use contracts to ensure adequacy
• obtain EC approval for a set of Binding Corporate Rules governing intra-group
data transfers
• rely on one of the exceptions to the prohibitions on transfers of personal data
outside the EEA
• Use “Safe Harbours” [Schrems vs Facebook]
• Where the data controller has found a basis to legitimise the transfer, this
must be disclosed for “fairness”
Exporting personal data (2)
• While the data controller could ask the data subject to consent to the export
of personal data to a country that does not have adequate protection, the
data subject must have consented unambiguously to the proposed
transfer: Art. 26(1)
• To be valid, this consent must be freely given, specific and informed: Art.
2(h)
• Hence, consent is rarely used as the sole criterion to justify exports of
personal data on an ongoing basis: e.g. heuristic systems
• Most data controllers take the view that the proposed “export” must be
disclosed to the data subject to satisfy the requirement of fairness
Data Subject’s rights
• Data subjects are granted a right of access – a right to obtain a copy of
data concerning them provided in a commonly used electronic format.
• Data subjects have rights to have data corrected or erased
• The right, where personal data are processed by electronic means
and in a structured and commonly used format, to obtain a copy
of the data concerning them also in commonly used electronic
format. The data subject should also be allowed to transmit
those data, which they have provided, from one automated
application, such as a social network, into another one.
• Data controllers should be encouraged to develop interoperable
formats that enable data portability.
• These requirements are challenging in clinical contexts or in the context
of Big Data.
In conclusion
• Consent alone will be a “brave” justification for data processing
• Articles 81 and 83 become crucial for secondary processing
• If Parliament amendments are accepted, it will be VERY difficult to justify
many registry studies, retrospective studies or health technology
assessments under the research derogation
• Article 83 will only be available for the processing of sensitive personal
data (broadly defined) if:
• There is an exceptionally high public interest
• The research cannot be conducted in any other way
• The data is anonymised or pseudonymised to the highest technical standards
• Even if Parliament amendments are not accepted, significant work will be
needed to justify many studies (particularly any study re label extensions,
comparisons with competitors, health economics or retrospective studies)
European Data Protection
Supervisor:
www.axonlawyers.com
THANKS FOR YOUR ATTENTION
Erik Vollebregt
Axon Lawyers
Piet Heinkade 183
1019 HC Amsterdam
T +31 88 650 6500
F +31 88 650 6555
M +31 6 47 180 683
E erik.vollebregt@axonlawyers.com
@meddevlegal
B http://medicaldeviceslegal.com
READ MY BLOG:
http://medicaldeviceslegal.com

Point of-care, biosensors & mobile diagnostics europe 2019Point of-care, biosensors & mobile diagnostics europe 2019
Point of-care, biosensors & mobile diagnostics europe 2019
 
HOW TO WORK WITH EMERGENCY RULES RELATING TO COVID 19?
HOW TO WORK WITH EMERGENCY RULES RELATING TO COVID 19?HOW TO WORK WITH EMERGENCY RULES RELATING TO COVID 19?
HOW TO WORK WITH EMERGENCY RULES RELATING TO COVID 19?
 
M&A and medical devices presentation
M&A and medical devices presentationM&A and medical devices presentation
M&A and medical devices presentation
 
MDR and class I medical devices presentation
MDR and class I medical devices presentationMDR and class I medical devices presentation
MDR and class I medical devices presentation
 
Q1 MDR and IVDR PRRC presentation
Q1 MDR and IVDR PRRC presentation Q1 MDR and IVDR PRRC presentation
Q1 MDR and IVDR PRRC presentation
 
Legal aspects of the new EU Medical Devices Regulation - known and unknowns
Legal aspects of the new EU Medical Devices Regulation - known and unknownsLegal aspects of the new EU Medical Devices Regulation - known and unknowns
Legal aspects of the new EU Medical Devices Regulation - known and unknowns
 
Advamed Med Tech 2019 countdown presentation
Advamed Med Tech 2019 countdown presentationAdvamed Med Tech 2019 countdown presentation
Advamed Med Tech 2019 countdown presentation
 
Managing New Requirement for Economic Operator Regime
Managing New Requirement for Economic Operator RegimeManaging New Requirement for Economic Operator Regime
Managing New Requirement for Economic Operator Regime
 
Legal and regulatory developments in precision medicine and diagnostic devices
Legal and regulatory developments in precision medicine and diagnostic devicesLegal and regulatory developments in precision medicine and diagnostic devices
Legal and regulatory developments in precision medicine and diagnostic devices
 
Q1 Medical Devices Regulation - practical consequences for manufacturers
Q1 Medical Devices Regulation - practical consequences for manufacturersQ1 Medical Devices Regulation - practical consequences for manufacturers
Q1 Medical Devices Regulation - practical consequences for manufacturers
 
Economic operators under the MDR and IVDR
Economic operators under the MDR and IVDREconomic operators under the MDR and IVDR
Economic operators under the MDR and IVDR
 
GDPR and eHealth for the pharma industry (VFenR presentation)
GDPR and eHealth for the pharma industry (VFenR presentation)GDPR and eHealth for the pharma industry (VFenR presentation)
GDPR and eHealth for the pharma industry (VFenR presentation)
 
VZI jaarcongres: de MDR en IVDR - de impact in de medische techniek
VZI jaarcongres: de MDR en IVDR - de impact in de medische techniekVZI jaarcongres: de MDR en IVDR - de impact in de medische techniek
VZI jaarcongres: de MDR en IVDR - de impact in de medische techniek
 
NEN symposium on Medical Devices and IVD Regulation
NEN symposium on Medical Devices and IVD RegulationNEN symposium on Medical Devices and IVD Regulation
NEN symposium on Medical Devices and IVD Regulation
 
Advamed EU MDR and IVDR panel presentation
Advamed EU MDR and IVDR panel presentationAdvamed EU MDR and IVDR panel presentation
Advamed EU MDR and IVDR panel presentation
 
Regulation of Economic Operators under the MDR and IVDR
Regulation of Economic Operators under the MDR and IVDRRegulation of Economic Operators under the MDR and IVDR
Regulation of Economic Operators under the MDR and IVDR
 

Recently uploaded

Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...narwatsonia7
 
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...Miss joya
 
Russian Call Girls in Pune Tanvi 9907093804 Short 1500 Night 6000 Best call g...
Russian Call Girls in Pune Tanvi 9907093804 Short 1500 Night 6000 Best call g...Russian Call Girls in Pune Tanvi 9907093804 Short 1500 Night 6000 Best call g...
Russian Call Girls in Pune Tanvi 9907093804 Short 1500 Night 6000 Best call g...Miss joya
 
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service ChennaiCall Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service ChennaiNehru place Escorts
 
Call Girls Service Surat Samaira ❤️🍑 8250192130 👄 Independent Escort Service ...
Call Girls Service Surat Samaira ❤️🍑 8250192130 👄 Independent Escort Service ...Call Girls Service Surat Samaira ❤️🍑 8250192130 👄 Independent Escort Service ...
Call Girls Service Surat Samaira ❤️🍑 8250192130 👄 Independent Escort Service ...CALL GIRLS
 
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Availablenarwatsonia7
 
Call Girl Chennai Indira 9907093804 Independent Call Girls Service Chennai
Call Girl Chennai Indira 9907093804 Independent Call Girls Service ChennaiCall Girl Chennai Indira 9907093804 Independent Call Girls Service Chennai
Call Girl Chennai Indira 9907093804 Independent Call Girls Service ChennaiNehru place Escorts
 
Artifacts in Nuclear Medicine with Identifying and resolving artifacts.
Artifacts in Nuclear Medicine with Identifying and resolving artifacts.Artifacts in Nuclear Medicine with Identifying and resolving artifacts.
Artifacts in Nuclear Medicine with Identifying and resolving artifacts.MiadAlsulami
 
VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...
VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...
VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...Garima Khatri
 
Call Girls Chennai Megha 9907093804 Independent Call Girls Service Chennai
Call Girls Chennai Megha 9907093804 Independent Call Girls Service ChennaiCall Girls Chennai Megha 9907093804 Independent Call Girls Service Chennai
Call Girls Chennai Megha 9907093804 Independent Call Girls Service ChennaiNehru place Escorts
 
Call Girl Coimbatore Prisha☎️ 8250192130 Independent Escort Service Coimbatore
Call Girl Coimbatore Prisha☎️  8250192130 Independent Escort Service CoimbatoreCall Girl Coimbatore Prisha☎️  8250192130 Independent Escort Service Coimbatore
Call Girl Coimbatore Prisha☎️ 8250192130 Independent Escort Service Coimbatorenarwatsonia7
 
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowSonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowRiya Pathan
 
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune)  Girls ServiceCALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune)  Girls Service
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls ServiceMiss joya
 
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Deliverynehamumbai
 
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore EscortsCall Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escortsvidya singh
 
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...narwatsonia7
 
Bangalore Call Girls Majestic 📞 9907093804 High Profile Service 100% Safe
Bangalore Call Girls Majestic 📞 9907093804 High Profile Service 100% SafeBangalore Call Girls Majestic 📞 9907093804 High Profile Service 100% Safe
Bangalore Call Girls Majestic 📞 9907093804 High Profile Service 100% Safenarwatsonia7
 

Recently uploaded (20)

Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
Russian Call Girl Brookfield - 7001305949 Escorts Service 50% Off with Cash O...
 
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
Russian Call Girls in Pune Riya 9907093804 Short 1500 Night 6000 Best call gi...
 
Russian Call Girls in Pune Tanvi 9907093804 Short 1500 Night 6000 Best call g...
Russian Call Girls in Pune Tanvi 9907093804 Short 1500 Night 6000 Best call g...Russian Call Girls in Pune Tanvi 9907093804 Short 1500 Night 6000 Best call g...
Russian Call Girls in Pune Tanvi 9907093804 Short 1500 Night 6000 Best call g...
 
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service ChennaiCall Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
Call Girls Service Chennai Jiya 7001305949 Independent Escort Service Chennai
 
sauth delhi call girls in Bhajanpura 🔝 9953056974 🔝 escort Service
sauth delhi call girls in Bhajanpura 🔝 9953056974 🔝 escort Servicesauth delhi call girls in Bhajanpura 🔝 9953056974 🔝 escort Service
sauth delhi call girls in Bhajanpura 🔝 9953056974 🔝 escort Service
 
Russian Call Girls in Delhi Tanvi ➡️ 9711199012 💋📞 Independent Escort Service...
Russian Call Girls in Delhi Tanvi ➡️ 9711199012 💋📞 Independent Escort Service...Russian Call Girls in Delhi Tanvi ➡️ 9711199012 💋📞 Independent Escort Service...
Russian Call Girls in Delhi Tanvi ➡️ 9711199012 💋📞 Independent Escort Service...
 
Call Girls Service Surat Samaira ❤️🍑 8250192130 👄 Independent Escort Service ...
Call Girls Service Surat Samaira ❤️🍑 8250192130 👄 Independent Escort Service ...Call Girls Service Surat Samaira ❤️🍑 8250192130 👄 Independent Escort Service ...
Call Girls Service Surat Samaira ❤️🍑 8250192130 👄 Independent Escort Service ...
 
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service AvailableCall Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
Call Girls Yelahanka Just Call 7001305949 Top Class Call Girl Service Available
 
Call Girl Chennai Indira 9907093804 Independent Call Girls Service Chennai
Call Girl Chennai Indira 9907093804 Independent Call Girls Service ChennaiCall Girl Chennai Indira 9907093804 Independent Call Girls Service Chennai
Call Girl Chennai Indira 9907093804 Independent Call Girls Service Chennai
 
Artifacts in Nuclear Medicine with Identifying and resolving artifacts.
Artifacts in Nuclear Medicine with Identifying and resolving artifacts.Artifacts in Nuclear Medicine with Identifying and resolving artifacts.
Artifacts in Nuclear Medicine with Identifying and resolving artifacts.
 
VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...
VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...
VIP Mumbai Call Girls Hiranandani Gardens Just Call 9920874524 with A/C Room ...
 
Call Girls Chennai Megha 9907093804 Independent Call Girls Service Chennai
Call Girls Chennai Megha 9907093804 Independent Call Girls Service ChennaiCall Girls Chennai Megha 9907093804 Independent Call Girls Service Chennai
Call Girls Chennai Megha 9907093804 Independent Call Girls Service Chennai
 
Call Girl Coimbatore Prisha☎️ 8250192130 Independent Escort Service Coimbatore
Call Girl Coimbatore Prisha☎️  8250192130 Independent Escort Service CoimbatoreCall Girl Coimbatore Prisha☎️  8250192130 Independent Escort Service Coimbatore
Call Girl Coimbatore Prisha☎️ 8250192130 Independent Escort Service Coimbatore
 
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call NowSonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
Sonagachi Call Girls Services 9907093804 @24x7 High Class Babes Here Call Now
 
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune)  Girls ServiceCALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune)  Girls Service
CALL ON ➥9907093804 🔝 Call Girls Hadapsar ( Pune) Girls Service
 
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls Colaba Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore EscortsCall Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
Call Girls Horamavu WhatsApp Number 7001035870 Meeting With Bangalore Escorts
 
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
Russian Call Girls Chickpet - 7001305949 Booking and charges genuine rate for...
 
Escort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCR
Escort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCREscort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCR
Escort Service Call Girls In Sarita Vihar,, 99530°56974 Delhi NCR
 
Bangalore Call Girls Majestic 📞 9907093804 High Profile Service 100% Safe
Bangalore Call Girls Majestic 📞 9907093804 High Profile Service 100% SafeBangalore Call Girls Majestic 📞 9907093804 High Profile Service 100% Safe
Bangalore Call Girls Majestic 📞 9907093804 High Profile Service 100% Safe
 

EU Medical Device Clinical Research under the General Data Protection Regulation

  • 1. PATIENT DATA MANAGEMENT UNDER THE GDPR 8TH ANNUAL EU MEDICAL DEVICE CLINICAL RESEARCH 6 November 2015 Erik Vollebregt www.axonadvocaten.nl
  • 2. General Data Protection Regulation The current EU system is: • Fragmented • Outdated • Unclear Proposal for a new framework: The General Data Protection Regulation. • Regulation: direct effect in member states (no national legislation except implementation) • Requires significant work by mHealth companies to implement Looks to be finished end of 2015 – in force 2016?
  • 4. GDPR: interfaces Dependencies with other legislation on security and data breaches • e-Privacy directive (2002/58) • NIS directive (in trilogue)
  • 6. Background • Proposed new General Data Protection Regulation on clinical investigations and clinical data • In Vitro Diagnostics Regulation • Medical Devices Regulation • To address national inconsistencies, each of the new laws will be a Regulation rather than a Directive. While this is intended to harmonise the approach to these issues, it will increase the compliance burden and increase uncertainty • Impact • Practical preparations for the draft Regulations
  • 7. Overview of Data Protection • Significant Changes in Data Protection Regulation • Consent • Research • Administratively burdensome bureaucracy • Fines • Collateral damage: ‘Potentially catastrophic’ effects on biobanks, registries, personalised medicine, e-health and the development of new therapies • What we hate in marketing and social media, we actually want in health care • further processing, monitoring, profiling, predictions, traceability, secondary processing • Innovative and/or long-term uses of personal data are problematic • known unknowns and unknown unknowns • International transfers and sharing of personal data
  • 8. What is the same • “Personal Data” remains a cornerstone • Reasonable likelihood of identification of an individual remains a dynamic test – probably • Data can still become “personal” as a result of technological or other reasons (mosaicing) • Privileged status of “data concerning health” (and data re racial or ethnic origin) requires extra care • Consent to processing (and purpose limitation) remains a cornerstone • Capacity to consent remains a matter of national law • Focus remains on each act of processing personal data rather than the collection or holding of data. The data controller must verify that there is a legitimate basis for the processing • Even anonymising or pseudonymising data = processing • Export of personal data outside EEA only permissible with adequate level of protection
  • 9. What Changes (or is clarified) (1) • “Personal data” Likelihood of identification of data subject • Deleted qualifier “by means reasonably likely” (but this may come back) • Added a definition of “pseudonymisation” which appears to mean that pseudonymised data remains personal data regardless of the number and nature of steps taken to key code • Consent requirements/invalidation • Broad consent and “opt-out” consent explicitly rejected • Biological samples should be considered identifiable data • Definitions of Genetic data and Biometric data • Scope of the Research derogation under threat
  • 10. What Changes (or is clarified) (2) • Data Protection becomes a fundamental right • Access Rights • Impact Assessments required • Data Protection Officers • Right to compensation for non-compliant processing • Fines • staggered fines for violations depending on severity up to € 1 mio / 2% world wide annual turnover but final percentage / threshold still under debate (may go up to 5%)
  • 11. Consent: Validity & Purpose Limitation • To be valid, consent to the processing of personal data must: • be freely given, specific, informed and explicit • be a clear affirmative action (no opt-outs) • The use of default options which the data subject is required to modify to object to the processing, such as pre-ticked boxes, does not express free consent. • cover all processing activities carried out for the same purpose. • Once the original purpose ends, data subject must re-consent/ re-affirm. • Consent shall be purpose-limited and shall lose its validity when the purpose ceases to exist or as soon as the processing of personal data is no longer necessary for carrying out the purpose for which they were originally collected. • Where the conclusion of the intended purpose is unclear, the controller should in regular intervals provide the data subject with information about the processing and request a re-affirmation of their consent.
  • 12. Consent by persons lacking legal capacity • What is the best approach to re-consent from a person who loses capacity as a result of a degenerative condition? • Broad consent before the data subject loses capacity? • Power of Attorney (or equivalent) before the data subject loses capacity? • “Delegated” or “surrogate” consent? • Consent to such actions processing as is approved by the Registry’s Ethics Committee (in line with Helsinki Declaration)
  • 13. Impact Assessment: Art 33 • Data controller must conduct impact assessments on the rights and freedoms of the data subjects, especially their right to protection of personal data when processing: • [personal data relating to more than 5000 data subjects during any consecutive 12-month period;] • “special categories of personal data” - personal data revealing race or ethnic origin; genetic or biometric data or data concerning health or sex life; • [location data or data on children in large scale filing systems]; or • personal data for the provision of health care, epidemiological researches, or surveys of mental or infectious diseases, where the data are processed for taking measures or decisions regarding specific individuals on a large scale. • The good news is that a single assessment may suffice for similar processing operations that present similar risks. • The bad news is that the exact methodology will be implemented by delegated act
  • 14. Mandatory Data Protection Officer (35) • The data protection officer should have at least the following qualifications: • extensive knowledge of the substance and application of data protection law, including technical and organisational measures and procedures; • mastery of technical requirements for privacy by design, privacy by default and data security; • industry-specific knowledge in accordance with the size of the controller or processor and the sensitivity of the data to be processed; • the ability to carry out inspections, consultation, documentation, and log file analysis; and • the ability to work with employee representation. • The controller should enable the data protection officer to take part in advanced training measures to maintain the specialized knowledge required to perform his or her duties. • The designation as a data protection officer does not necessarily require fulltime occupation of the respective employee.
  • 15. Consent: Procedural aspects • To be valid, consent to the processing of personal data must: • be separated from other matters (eg consent to treatment) • If the data subject's consent is given in the context of a written declaration which also concerns another matter, the requirement to give consent must be presented clearly distinguishable in its appearance from this other matter. Provisions on the data subject’s consent which are partly in violation of this Regulation are fully void. • comply with national laws if given on behalf of a child or someone lacking capacity • In case of a child or a person lacking legal capacity, relevant Union or Member State law should determine the conditions under which consent is given or authorised by that person.
  • 16. Scenarios re Validity of Consent • Status of valid consent given under the existing DP Directive? • Valid if consent was a condition of entry into a clinical investigation? • Not freely given if the data subject would suffer detriment by refusing or withdrawing consent • Will consent given in a clinical investigation of product X be valid if it leads to a new product Y? • What if X was a HPV diagnostic and Y a new “morning after” pill? • Valid when given by a patient to a doctor (power imbalance)? • Valid if given in a single document with the consent to treatment? • Valid if given in the same consultation as the consent to treatment? • What if consent will skew (or invalidate) the results of the study?
  • 17. Consent in the context of a clinical trial • Difficult to be certain that consent obtained in a clinical context (trial, investigation or other) will satisfy data protection requirements • Consent ceases to legitimise once processing is no longer necessary • Secondary purposes must be compatible with the original purpose or “re-consent” • Consent rigor makes these derogations more important: • Medical treatment privilege - Article 81(1)(a) • Public health purposes – Article 81(1)(b) • Genetic data – Article 81a • Research Purposes – Article 83 • Parliament, Commission and Council vary considerably in position on derogations
  • 18. Derogations from consent requirement • In the absence of explicit consent, unless the processing is necessary to protect the vital interests of the data subject, processing of sensitive data concerning health is only permitted for: • tasks carried out in the substantial public interest; • health purposes subject to the conditions and safeguards (e.g. obligations of professional secrecy); or • scientific research subject to the adequate legal safeguards. • When relying on derogation, should still disclose the possible or proposed processing in the interests of “fairness” (a fundamental Data Protection Principle)
  • 20. Derogation for Research Purposes • Commission, Parliament and Council propose different standards for the derogation • Export of personal data outside Europe for research purposes probably requires explicit consent or other derogations – no recognition of the value of international research
  • 23. Confusion about pseudonymisation • Definition of a pseudo-category of personal data without clarity on what standards apply
  • 24. Exporting personal data • Can only transfer personal data outside the EEA: • to a country whose DP laws have been approved by the EC; or • if there is an adequate level of protection for the rights of data subjects • The United States does not offer “adequate protection” • The data controller may: • carry out his own assessment of the adequacy of the protection • use contracts to ensure adequacy • obtain EC approval for a set of Binding Corporate Rules governing intra-group data transfers • rely on one of the exceptions to the prohibitions on transfers of personal data outside the EEA • Use “Safe Harbours” [Schrems vs Facebook] • Where the data controller has found a basis to legitimise the transfer, this must be disclosed for “fairness”
  • 25. Exporting personal data (2) • While the data controller could ask the data subject to consent to the export of personal data to a country that does not have adequate protection, the data subject must have consented unambiguously to the proposed transfer: Art. 26(1) • To be valid, this consent must be freely given, specific and informed: Art. 2(h) • Hence, consent is rarely used as the sole criterion to justify exports of personal data on an ongoing basis: e.g. heuristic systems • Most data controllers take the view that the proposed “export” must be disclosed to the data subject to satisfy the requirement of fairness
  • 26. Data Subject’s rights • Data subjects are granted a right of access – a right to obtain a copy of data concerning them provided in a commonly used electronic format. • Data subjects have rights to have data corrected or erased • The right, where personal data are processed by electronic means and in a structured and commonly used format, to obtain a copy of the data concerning them also in commonly used electronic format. The data subject should also be allowed to transmit those data, which they have provided, from one automated application, such as a social network, into another one. • Data controllers should be encouraged to develop interoperable formats that enable data portability. • These requirements are challenging in clinical contexts or in the context of Big Data.
  • 27. In conclusion • Consent alone will be a “brave” justification for data processing • Articles 81 and 83 become crucial for secondary processing • If Parliament amendments are accepted, it will be VERY difficult to justify many registry studies, retrospective studies or health technology assessments under the research derogation • Article 83 will only be available for the processing of sensitive personal data (broadly defined) if: • There is an exceptionally high public interest • The research cannot be conducted in any other way • The data is anonymised or pseudonymised to the highest technical standards • Even if Parliament amendments are not accepted, significant work will be needed to justify many studies (particularly any study re label extensions, comparisons with competitors, health economics or retrospective studies)
  • 29. www.axonlawyers.com THANKS FOR YOUR ATTENTION Erik Vollebregt Axon Lawyers Piet Heinkade 183 1019 HC Amsterdam T +31 88 650 6500 F +31 88 650 6555 M +31 6 47 180 683 E erik.vollebregt@axonlawyers.com @meddevlegal B http://medicaldeviceslegal.com READ MY BLOG: http://medicaldeviceslegal.com

Editor's Notes

  1. Parties propose the concept of one-time consent instead of re-consent to every use of their data