The Effect of the General Data Protection Regulation on Medical Research

BACKGROUND: The enactment of the General Data Protection Regulation (GDPR) will impact on European data science. Particular concerns relating to consent requirements that would severely restrict medical data research have been raised. OBJECTIVE: Our objective is to explain the changes in data protection laws that apply to medical research and to discuss their potential impact. METHODS: Analysis of ethicolegal requirements imposed by the GDPR. RESULTS: The GDPR makes the classification of pseudonymised data as personal data clearer, although it has not been entirely resolved. Biomedical research on personal data where consent has not been obtained must be of substantial public interest. CONCLUSIONS: The GDPR introduces protections for data subjects that aim for consistency across the EU. The proposed changes will make little impact on biomedical data research.