EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy, and to reshape the way organisations across the region approach data privacy.
The final Regulation provides more rights to citizens to be better informed about the use made of their personal data, and gives clearer responsibilities to people and entities using personal data. GDPR covers patients’ fundamental right to protection of their health data and is an important issue in diverse contexts such as healthcare, including care given through eHealth or in a cross-border healthcare context, and research (clinical trials, clinical investigations, epidemiological research, patient registries, etc). Health and genetic data belong to the category of ‘sensitive data’, and benefit from additional protection. Refer to Regulation (EU) 2016/679 for more information.