Datenschutzrechtliche Rahmenbedingungen medizinischer Forschung: Vorgaben der EU-Datenschutz-Grundverordnung und national geltender Gesetze

The European Data Protection Regulation applies since May 25th, 2018. It creates a uniform data protection legal framework within the EU. National and international medical research projects, regardless of whether they were started before or after the introduction of the GDPR, are obliged to follow this new regulation and implement it promptly. This raises various challenges for a large number of medical research projects. The University Medicine Greifswald commissioned this legal report, that was prepared by DIERKS+COMPANY. Two real-world research projects, the Baltic Fracture Competence Centre (BFCC) as well as the German Centre for Cardiovascular Research (DZHK) provide use cases, questions, and context for this legal report. It addresses questions regarding all steps of data processing. The report provides practical answers to a wide array of technical and organisational questions in the area of data protection-compliant processing of research data. A comprehensive guide to GDPR-compliant data processing has been developed, which both summarises the broad legal environment and provides specific assistance in the design and implementation of GDPR-compliant data management processes, including Informed Consent, Legal Consequences of Withdrawal, and Privacy by Design.