Real World Evidence (RWE) 101 – The Impact of GDPR on RWE Research

RWE 101 – Real World Evidence (RWE) 101 – The Impact of GDPR on RWE Research

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). Its implementation in May 2018 has had a significant impact on research, particularly in the context of real-world evidence (RWE).

RWE refers to data collected outside of the traditional clinical trial setting, such as electronic health records (EHRs), claims data, and patient-generated data. RWE is increasingly being used to support regulatory decisions and to inform clinical practice. However, the use of RWE must comply with GDPR, which has implications for the collection, processing, and use of personal data in research.

Under GDPR, personal data must be collected and processed lawfully, fairly, and transparently, and individuals have the right to be informed about how their data is being used. This means that researchers must obtain explicit and informed consent from individuals to use their personal data for research purposes. In addition, the data must be pseudonymized or anonymized to protect individuals’ privacy.

GDPR has also increased the administrative burden for researchers, who must ensure that their data management practices are compliant with GDPR. This includes developing and implementing policies and procedures for data protection, privacy, and security, as well as appointing a Data Protection Officer to oversee data management activities.

Overall, GDPR has had a positive impact on research by increasing transparency and protecting the privacy of individuals whose data is used in research. However, compliance with GDPR can be challenging, particularly in the context of RWE, where large volumes of data are collected from multiple sources. It is essential for researchers to work closely with data protection and privacy experts to ensure that their research practices are compliant with GDPR.

Share this story...