European Economic Area
Subscribe to European Economic Area's Posts

Health Data in the EU and UK: Regulatory Trends and Developments

With the General Data Protection Regulation (GDPR) resulting in a rise in enforcement incidents, it is prudent for organizations operating in the health and life sciences industries across the United Kingdom, European Union (EU) and other European Economic Area (EEA) nations to assess their responsibilities regarding the gathering and handling of health data.

Major Points:

  • “Data concerning health” is a wide term; it doesn’t just apply to medical records. Policies and processing records should accurately capture all health data, including inference data.
  • Most EEA countries, and the United Kingdom, have national laws that supplement GDPR.
  • Consent is not the only legal basis for collecting, storing and using health data; there are other options available, but be aware that “insufficient legal basis for data processing” is a common type of GDPR violation.
  • If used, health data consents must be granular, specific and transparent, and they must break down all the purposes for which the data is being processed. Consent must be granted on an “opt-in” basis and not as a result of a pre-filled tick box.
  • Health data may be reused for genuine scientific research purposes provided the processing is compatible with the original use, appropriate safeguards are in place and any separate national law conditions are satisfied.
  • Privacy policies and transparency notices must be clear about the basis on which health data is processed.
  • Proceed carefully and consider reidentification risk when relying on anonymisation to process data; document any reidentification risk assessment and periodically review risk assessment in light of developments in publicly available data and evolving risk environment. Technical measures, such as evolving encryption standards, should be reviewed periodically.

Read more here.




read more

Brexit Update: The Effect of Brexit on Data Transfers between the United Kingdom and the European Union

With the United Kingdom having voted to leave the European Union (Brexit) on 23 June 2016, the free flow of personal data between the United Kingdom and EU and European Economic Area (EEA) countries is at risk. Should the United Kingdom also leave the EEA and thus become a “third country” for the purposes of data transfers, EU/EEA businesses that are currently retaining UK service providers or data centres to handle or store personal data, or are planning to do so, would have to carefully re-evaluate this decision.

Read the full article here.




read more

BLOG EDITORS

STAY CONNECTED

TOPICS

ARCHIVES

Top ranked chambers 2022
US leading firm 2022