GDPR came into effect across Europe on 25 May 2018 and was transposed into Irish Law via the Data Protection Act 2018. Article 6 (1) of GDPR (2016/679) provides six legal basis for processing personal data while Article 9 (2) provides ten legal basis for processing Sensitive Personal Data (including health data) which are subject to “suitable and specific measures”.   GDPR does not define what suitable and specific measures should be, however, the Health Research Regulation 2018 which came into effect on 7th of August 2018 states in Regulation 3 (1) (a) – (e) that processing of personal data for health research must be necessary to achieve objectives of the research, must not cause damage or distress to individuals, must have appropriate governance structures in place and appropriate processes and procedures in place, must have identified and put in place appropriate transparency arrangements and must have explicit consent from the individual. 

GDPR harmonises data protection laws across Europe and strengthens the seven data protection principles of lawfulness, transparency and fairness, purpose limitation, data minimisation, data accuracy, storage limitation, integrity and confidentiality and accountability. A GDPR certified HRB-CRFG representative links directly with the NUI Galway Data Protection Officer (DPO) and the HSE West Deputy Data Protection Officer (DDPO) who report to the Data Protection Commission (DPC) who are the supervisory authority for Ireland and responsible for overseeing compliance with Health Regulations and GDPR. 

For further information please click the link below.

HRB Clinical Research Facility Galway Data Privacy Statement