Conducting clinical research—data protection implications
Produced in partnership with William Long and Francesca Blythe of Sidley Austin
Conducting clinical research—data protection implications

The following Information Law guidance note Produced in partnership with William Long and Francesca Blythe of Sidley Austin provides comprehensive and up to date legal information covering:

  • Conducting clinical research—data protection implications
  • When and why is data protection relevant to clinical research?
  • Responsibility for compliance
  • Transparency
  • Engaging a processor
  • Data protection officer
  • Data protection representative
  • Data protection impact assessments
  • Legal grounds for processing
  • Secondary/further processing for research purposes
  • more

BREXIT: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU law. During this period, the General Data Protection Regulation applies in the UK and the UK generally continues to be treated as an EU (and EEA) state for many purposes. Any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of the implementation period. As a third country, the UK can no longer participate in the EU’s political institutions, agencies, offices, bodies (except to the limited extent agreed), but it must submit to the continuing jurisdiction of the Court of Justice of the EU during the implementation period. For further guidance on that period, its duration and the data protection laws that are anticipated to apply after the end of it, see Practice Note: Brexit—implications for data protection. For further reading about the impact of Brexit on the Life Sciences, see: Brexit—Life Sciences and News Analysis: Brexit Bulletin—key updates, research tips and resources.

Data, and consequently data protection compliance, is central to conducting clinical research whether in the context of clinical trials, pharmacovigilance activities and/or scientific research more broadly.

As of 25 May 2018, data protection law in the EU is