Data protection

French Medical Council and data protection authority (CNIL) publish practical guide on implementation of the GDPR

Laurie-Anne Ancenys

In June 2018, the French Medical Council (Conseil national de l’ordre des médecins) and the French data protection authority (CNIL) published a practical guide for doctors in the context of the implementation of the general regulation on the protection of personal data (GDPR), which has been applicable since 25 May 2018. Physicians, and health care Read More

UK Department for Health and Social Care publishes an initial code of conduct for use of digital technology

Emma Keeling

As big data continues to be big news and data protection law continues to evolve, it is timely that the Department for Health and Social Care (the Department) has published a code of conduct relating to the use of data-driven health and care technology (the Code). Published in its initial form on Wednesday, the code Read More

Processing of health data: first implementing decree on French Personal Data Protection Act

Laurie-Anne Ancenys

Decree 2018-687 implementing Act 2018-493 of 20 June 2018 on the Protection of Personal Data was recently published in the French Official Journal. The decree amends Decree 2005-1309, which implemented the 1978 French Data Protection Act. In particular, it amends the provisions concerning the processing of personal health data by including operating provisions on the processing of Read More

French data protection authority (CNIL) publishes reference methods for health data processing

Laurie-Anne Ancenys

On 16 July 2018, the French Data Protection Authority (CNIL) published revised and new reference methods (MRs) regarding data processing in health research to adapt the existing framework to the EU General Data Protection Regulation (GDPR) and the national health data system (SNDS). Specifically, the CNIL updated: MR-001 on interventional research. MR-003 on non-interventional research. It also Read More

Dutch Data Protection Agency issues guidance on large-scale data processing in healthcare

Iradj Nazaryar

Last month, the Data Protection Agency (DPA) issued guidance on large-scale healthcare data processing. The General Data Protection Regulation requires organisations involved in large-scale processing of data to appoint a Data Protection Officer (DPO) and in certain cases to conduct a Data Protection Impact Assessment (DPIA). In this respect, the guidance clarifies when healthcare providers are Read More