• Skip to primary navigation
  • Skip to content
  • Skip to footer
  • Clinical Research
  • Regulatory + Quality
  • Reimbursement + Health Economics
  • Consulting
  • Approach
  • About
  • Resources
    • Blog
    • News
    • Library
    • Webinars
    • Certifications
  • Contact
    • Careers

RCRI

Expert Advisors. Exact Practices.

GDPR: What It Means and Means for Your Clinical Studies: Part I

Mary Kay Sobcinski, Sr. Clinical Principal Advisor

Have you considered the impact of GDPR on your clinical trials?

In part 1 of this blog, we will discuss the background of GDPR and key elements for sponsor consideration.  In part 2, we’ll discuss specific requirements, including new terms with specific definitions, implications for clinical researchers and sponsors, and required elements to include in GDPR-compliant informed consent forms (ICFs).

Background

The new GDPR went into effect in the European Union (EU) on May 25, 2018. This broad legislation covers many aspects of personal information protection and confidentiality but information and guidance on its application to clinical research are very limited. Remarkably, clinical trials are only mentioned twice in the regulation. Although the regulation is specific to the EU member countries, it is expected that Great Britain will follow or adopt GDPR requirements, even if it exits the EU as planned.

GDPR and Clinical Trials

The previous EU privacy law, EU Directive 95/46/EC, has been superseded by GDPR.  GDPR is intended to harmonize data privacy laws across the EU and to protect the privacy of all individuals while they are in the EU. This regulation is extra-territorial, meaning it applies to any organization that collects or processes personal data of individuals inside the EU, regardless of where the organization collecting or processing is located.  Further, GDPR covers EU residents and non-residents residing in or visiting the EU if their study data are collected while they are in the   EU.

A US study subject travels to the EU and is wearing an activity monitor; if activity monitor data are collected while the subject is in the EU, the subject must have given GDPR-compliant consent for the sponsor to collect those data.

GDPR-covered data are now broader than personal information coverage under previous legislation and include genetic and biometric data. Under GDPR, certain information must be provided to individuals before their personal data are obtained, such as the identity and contact details of the data controller (i.e. the sponsor), the contact details of the data protection officer (the designated person within the sponsor organization), the purposes and legal basis for data processing, the recipients of the data, how long the data will be stored, and the individual’s rights under the legislation.  Children at least 16 years old can provide consent under GDPR, but if under 16 years old, consent must be granted by the holder of parental responsibility over the child.

Consequences

Failure to comply with GDPR has significant consequences.  Heavy fines of up to 4% of a sponsor’s global revenue can be assessed depending on the scope of the violation. Therefore, having a well-defined privacy policy in place to ensure GDPR compliance is critical to preventing violations and potential heavy fines.

Recommendations

RCRI recommends that sponsors develop a privacy policy that specifically addresses GDPR compliance because any study conducted in the EU, or any study that collects information while a subject is in the EU, is governed by GDPR.  Detailed data privacy information must be provided to study participants for GDPR-compliant studies from the very beginning. To ensure subjects receive all of the required GDPR information, include the information in the informed consent form (ICF) unless otherwise specified by a site’s Ethics Committee (EC) or the sponsor’s Competent Authority (CA).

In our next blog, we’ll explore new GDPR terminology and critical elements to include in GDPR-compliant informed consent forms.

RCRI consultants are available to help you navigate the uncharted waters of GDPR.  To be put in touch with an RCRI expert, contact Samantha Spence at sspence@rcri-inc.com or 952-224-2260.

References

Advarra Regulatory The GDPR and its impact on the clinical research community (including non-EU researchers). Advarra. https://www.advarra.com/the-gdpr-and-its-impact-on- the-clinical-research-community-including-non-eu-researchers/ Accessed 31 Jul 2018.Clinical Trial General

Data Protection Regulation: the impact on clinical trials and data subjects. http://www.clinicaltrialsarena.com/uncategorized/general-data-protection-regulation-the- impact-on-clinical-trials-and-data-subjects-5937623-2/ Accessed 31 Jul 2018.

General Data Protection Regulation (GDPR): https://gdpr-info.eu/ Accessed 31 Jul

Gogates How does GDPR affect clinical trials? Applied Clinical Trials. http://www.appliedclinicaltrialsonline.com/how-does-gdpr-affect-clinical-trials Accessed 31 Jul 2018.

Kirsch Howe GDPR affects personal data use in in clinical trials. MassDevice. https://www.massdevice.com/how-gdpr-affects-personal-data-use-in-clinical-trials/ Accessed 31 Jul 2018.

LMK Clinical Research. Is your TMF ready for GDPR? Part two: know your http://www.lmkclinicalresearch.com/blogs/tmf-ready-for-gdpr-part-two/ Accessed 31 Jul 2018.

Proffitt What Europe’s new privacy regulations mean for US trials. Clinical Informatics News. http://www.clinicalinformaticsnews.com/2017/10/24/what-europes-new-privacy-regulations- means-for-us-trials.aspx Accessed 31 Jul 2018.

This two-part blog serves to summarize RCRI’s research on General Data Privacy Regulation (GDPR) compliance for medical device sponsors.  It does not serve as legal advice; it is a summary of information gleaned by RCRI through a review of the GDPR itself and publically available resources on current interpretations of GDPR compliance.  RCRI recommends that sponsors obtain legal counsel on this very new and evolving clinical research topic.

Filed Under: Blog

Footer

  • Site Map
  • Contact
  • About
  • Certifications
  • EU-US Privacy Shield Policy
  • Privacy Policy & Terms of Use
  • Careers
  • Approach
  • Consulting
  • Regulatory + Quality
  • Reimbursement + Health Economics
  • Clinical Research
  • Resources

Regulatory and Clinical Research Institute, Inc.

5353 Wayzata Boulevard, Suite 505
Minneapolis, MN 55416-1334 USA | info@rcri-inc.com | 952.746.8080

© 2018 RCRI Inc. All rights reserved.

We are using cookies to give you the best experience on our website.

You can find out more about which cookies we are using or switch them off in settings.

Powered by GDPR plugin

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

You can adjust all of your cookie settings by navigating the tabs on the left hand side.

More information at our Privacy Policy page.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Please enable Strictly Necessary Cookies first so that we can save your preferences!