An Overview of the General Data Protection Regulation (“GDPR”) for Clinical Research Organizations

James F. Bush, Esq. [1]

Abstract

In 2018, the European Union’s General Data Protection Regulation (“GDPR”) came into full force and effect. With the growth of international multi-center clinical research studies, U.S.-based research organizations and investigators will now be governed by the GDPR to the extent that they control or process Personal Data of EU citizens in the course of their research. While efforts to attain compliance with HIPAA and HITECH within the U.S. provide clinical researchers a head-start in attaining compliance with the GDPR, substantial additional efforts must be undertaken to avoid the risk of enforcement penalties for failure to meet the mandates of the GDPR in conducting clinical research. A basic understanding of the important rights granted to study subjects, the jurisdictional reach of the law, logistical and organizational considerations, and the possible risks of enforcement action is now an essential competency for those engaging in clinical research involving EU citizens. The goal of this paper is to provide a regulatory overview of the law and its effect on clinical research in order to enhance the competency of investigators, project managers, and decision-makers involved in such clinical research.
