GDPR: National Specification Clauses

The analysis of specification clauses contained in Articles 9(4) and 89(2) are particularly relevant for the clinical sector.

• On the one hand, Article 9(4) relates to any conditions or limitations implemented in the national law regarding the processing of special categories of personal data. With respect to this Article, most of the Member States provide conditions and limitations on the processing of genetic data, biometric data or data concerning health. These national specifications typically consist in listing the categories of persons having access to such data, ensuring that they are subject to confidentiality obligations, making processing subject to prior authorization or allowing / restricting processing for specific purposes.

• On the other hand, Article 89(2) provides an overview of safeguards and conditions implemented in case of national derogations for processing for both scientific and historical research purposes. With respect to this Article, most of the Member States provide such derogation and safeguards. The specifications clauses can rely on different matters as Code of conduct for specific sector, proportionality test, consent for some kind of processing but also prior verification of Ethics Committee for certain type of categories of personal data.

Here is the link for the access of the report: