University Hospitals Leuven Leuven Belgium.
Centre for IP and IT Law, KU Leuven Leuven Belgium.
Eur J Health Law. 2020 Mar 4;27(1):35-57. doi: 10.1163/15718093-12251009.
The European General Data Protection Regulation (GDPR) has dotted the i's and crossed the t's in the context of academic medical research. One year into GDPR, it is clear that a change of mind and the uptake of new procedures is required. Research organisations have been looking at the possibility to establish a code-of-conduct, good practices and/or guidelines for researchers that translate GDPR's abstract principles to concrete measures suitable for implementation. We introduce a proposal for the implementation of GDPR in the context of academic research which involves the processing of health related data, as developed by a multidisciplinary team at the University Hospitals Leuven. The proposal is based on three elements, three stages and six specific safeguards. Transparency and pseudonymisation are considered key to find a balance between the need for researchers to collect and analyse personal data and the increasing wish of data subjects for informational control.
《欧盟一般数据保护条例》(GDPR)在医学学术研究领域已经面面俱到。GDPR 实施一年以来,显然需要转变思维并采用新程序。研究组织一直在研究为研究人员制定行为准则、良好实践和/或指南的可能性,以便将 GDPR 的抽象原则转化为适合实施的具体措施。我们引入了一个在涉及健康相关数据的学术研究背景下实施 GDPR 的提案,该提案由鲁汶大学医院的多学科团队开发。该提案基于三个要素、三个阶段和六个具体保障措施。透明度和化名被认为是在研究人员收集和分析个人数据的需求与数据主体对信息控制的日益增长的愿望之间取得平衡的关键。
