Digitalization in clinical trials is long overdue in Germany and a game changer for medical progress, sure!
But since 25 May 2018 a new data protection regime applies: The EU General Data Protection Regulation (GDPR) accompanied by a completely updated German Federal Data Protection Act (Bundesdatenschutzgesetz). And there is no exemption for clinical trials or digitalization. On the contrary, health data is specially protected under the GDPR and even stricter rules apply when processing health data. In addition, many regulatory laws include specific data protection provisions, many of them requiring ‘written consent’ or ‘informed consent’– such as the German Medicines Law (Arznemittelgesetz) or the Clinical Trials Regulation (CTR). In particular, the simultaneous application of the GDRD and the CTR raises an urgent need to clarify the legal basis for processing personal data in the context of clinical trials. But how do these specific regulations interact with the requirements under the GDPR? Are wet ink signatures required or does the law allow e-consent and e-signatures? And what are the requirements to comply with? We will tell you how to tackle data protection compliance in the interaction of these several regulations and in light of the need for more digitalization in clinical trials.
Laurie-Anne is a Counsel at Allen & Overy in Paris, dedicated to the Telecommunications, Media and Technology sector. She has in-depth experience in the fields of data protection, computer law and information technology. Laurie-Anne has developed an expertise in data protection compliance projects and, more specifically, in the implementation of personal data processing, pan-European data protection strategies and international data transfers, especially in the life sciences sector.
Catharina is an Associate working in the German Data & Data Protection Group and assists several clients across industries with implementing and complying with the GDPR. In particular, she developed a data protection impact assessment with an automated risk assessment helping clients meet their GDPR requirements with an efficient solution. Advising on intragroup and international data transfers, cross-border compliance projects, crisis management of privacy violations, data breaches and cyber-attacks, her work is characterised by the increasing digitalisation. By doing so, she legally secures and enhances the usability of the value “data”.
During her time at Allen & Overy Catharina was seconded for 4 months to a client in the insurance industry and 6 months to our data privacy team in London. Catharina regularly speaks on data privacy topics at conferences and at a master program at a German university.