Webinar Date & Time
11 September 2019 from 10:00 AM to 11:30 AM (CEST)
A year ago, the GDPR came into effect. We were told about consent. We knew the consent. The two concepts seemed identical. It would be quite simple to reconcile the GDPR with the CTR.
Then we thought about implementing the GDPR and thought about its concepts. We therefore had to answer the first question in the implementation of the GDPR for clinical trials: what is the legal basis for the processing of personal data? And there, surprise… it was not that clear at all.
Consent is not the lawful basis for the processing of personal data in the processing of clinical trial data? Then we discovered that the consent is the lawful basis, the participating subject would be entitled to request to delete all collected data. This is contradicting the CTR which says that in case of consent withdrawal, collected data must be kept and processed and cannot be removed.
We therefore tried to think a little more and find solutions for the implementation of GDPR for clinical trials. We discovered new legal basis for processing of personal data and found that some of them would be of interest for clinical trials and allowed to reconcile GDPR and CTR.
Since then, the authorities have also helped us to interpret the two regulations.
In mid-January, the European Data Protection Board published a series of questions / answers to better understand the relationship between the two regulations.
At the end of March, the Council of Europe published a recommendation on the protection of health-related data.
This session will provide detailed information on how to interpret GDPR according to CTR and other publications. We will finally cover the future of GDPR implementation for CROs with a Code of Conduct. Indeed, authorities encourage the setting up of code of conducts which would help ensuring interpretation and compliance with regulations in various data processing sectors.
A Code of Conduct would then also help data controllers in setting up confident relations with data processors adhering to the Code of Conduct. Once a Code of Conduct has received approval from the European authorities and once a processor adheres to it, the controller could have a certain level of confidence in the way the processor ensures compliance with regulation.
This session will then also cover the Code of Conduct that is currently being drafted by EUCROF for CROs.