GDPR with regard to the European Member States:
Let’s focus on the national specification clauses
March 25, 2021
The European Commission’s Directorate-General for Justice and Consumers has recently issued its Report on the Implementation of Specific Provisions of GDPR.
The main objective pursued by this report is to provide an overview of the implementation by EU Member States of different Articles, including Articles 8(1), 9(4), 23(1)(c) and (e), 23(2), 85(1) and (2), and 89(2), (3), and (4) GDPR. This assessment is based on the national laws in force as at 19 December 2019.
General observations regarding the clinical trials
The analysis of specification clauses contained in Articles 9(4) and 89(2) are particularly relevant for the clinical sector.
- On the one hand, Article 9(4) relates to any conditions or limitations implemented in the national law regarding the processing of special categories of personal data. With respect to this Article, most of the Member States provide conditions and limitations on the processing of genetic data, biometric data or data concerning health. These national specifications typically consist in listing the categories of persons having access to such data, ensuring that they are subject to confidentiality obligations, making processing subject to prior authorization or allowing / restricting processing for specific purposes.
- On the other hand, Article 89(2) provides an overview of safeguards and conditions implemented in case of national derogations for processing for both scientific and historical research purposes. With respect to this Article, most of the Member States provide such derogation and safeguards. The specifications clauses can rely on different matters as Code of conduct for specific sector, proportionality test, consent for some kind of processing but also prior verification of Ethics Committee for certain type of categories of personal data.
Quick overview of the national specificities of certain Member States (BE/DE/ES/FR/IT/NL/PL)
To go further…
Here is the link for the access of the report:
At MyData-Trust we are available to support you in anything related to Data Protection. We can support you with the scope, the Competent Supervisory Authority, about Data Transfers, or be named as your DPO or DPR. Feel free to contact us. MyData-Trust team will put all their efforts to support and sustain your activities involving personal data.