Data protection

French data protection authority (CNIL) publishes reference methods for health data processing

Laurie-Anne Ancenys

On 16 July 2018, the French Data Protection Authority (CNIL) published revised and new reference methods (MRs) regarding data processing in health research to adapt the existing framework to the EU General Data Protection Regulation (GDPR) and the national health data system (SNDS). Specifically, the CNIL updated: MR-001 on interventional research. MR-003 on non-interventional research. It also Read More

Dutch Data Protection Agency issues guidance on large-scale data processing in healthcare

Iradj Nazaryar

Last month, the Data Protection Agency (DPA) issued guidance on large-scale healthcare data processing. The General Data Protection Regulation requires organisations involved in large-scale processing of data to appoint a Data Protection Officer (DPO) and in certain cases to conduct a Data Protection Impact Assessment (DPIA). In this respect, the guidance clarifies when healthcare providers are Read More

Revised French Personal Data Protection Act: Constitutional Court upholds health related provisions included in the bill

Laurie-Anne Ancenys

On 22 June 2018, a new law entered into force, after the French parliament amended the personal data protection bill to reflect a decision of the French Constitutional Court. The court had indeed earlier upheld the majority of the provisions of the French personal data protection bill, which amends Act n. 78-17 on Information Technology, Read More

Belgium launches single online portal for health data

Tine Carmeliet

At the initiative of the Minister for Social Affairs and Health Care, on 8 May 2018, the Belgian government announced the launch of a single online portal for health data entitled “MaSanté – MijnGezondheid“. The portal aims to provide citizens with an easily accessible overview of all existing health data (including their personal data) and Read More

Dutch Data Protection Authority clarifies application of GDPR’s right to be forgotten and data portability to medical records

Iradj Nazaryar

The Dutch Data Protection Authority (DPA) recently published information on its website with respect to the application of the right to be forgotten and data portability to medical records under the General Data Protection Regulation ((EU) 2016/679) (GDPR). According to the DPA, the right to data portability applies only to the personal data that the Read More