medical research council gdpr training

Our e-learning courses are free for all (once you have set up an account or used your  Login ). Each module aims to provide you with an understanding of the subject area and, where the course is assessed, there is the option to print a certificate when you pass.

If you need information on this website in a different format please get in touch letting us know the format you require at email:  [email protected] .  We’ll discuss your request with you and try our best to meet your needs.

Note : To allow the courses to run properly and track your score successfully please ensure your browser allows Javascript.

Good Research Practice (developed by MRC Head Office)

Applicable to everyone in the research community this section of the LMS provides access to e-learning and guidance materials that introduce the MRC's expectations for good research practice.

Research, GDPR and confidentiality Quiz

The quiz tests your knowledge against these learning outcomes .

You can take the quiz independently of the bite-sized modules.

Research, GDPR and confidentiality – what you really need to know

A series of 10 bite-sized e-learning modules accompanied by supplementary resources.

You will also find information on using data about people in research on the Regulatory Support Centre website

Research and human tissue legislation

This module provides an overview of human tissue legislation in the UK; good practice and practical tips for compliance. It was developed in consultation with the Human Tissue Authority and others.

Note: This module uses software that supports JAWS. If you are having problems accessing the module using a screen reader please get in touch: [email protected].

Research and human tissue legislation assessment - England, Wales & Northern Ireland

This assessment consists of 10 randomly generated questions; the pass mark is 70%. You may repeat the assessment as many times as you wish. A certificate can be printed when you pass the assessment.

Research and human tissue legislation assessment - Scotland

Research and human tissue legislation assessment - england, wales & ni (pre dec 2020).

This is the old version of the Research and Human Tissue Legislation Assessment which used flash. Flash is no longer supported in modern browsers so the assessment has been updated. If you took this assessment and passed the score will still be available in your gradebook.

Research and human tissue legislation assessment - Scotland (Pre Dec 2020)

This online guide leads you through the process of making an application using the Integrated Research Applications System (IRAS).

You can launch this online guide by visiting this link .

GDPR For Clinical Research Professionals

Regulation, more commonly known as the GDPR.

You will be guided by KIM, who will be your coach throughout the presentation and all of your courses. She will guide you through the training and help you build your understanding of the fundamentals of the GDPR.

Industry: CRO, Biotech, Pharma, Investigator sites & Hospitals, Medical Devices, Diagnostic, eHealth and other industries impacted by patient data collection

LEARNING OBJECTIVES:

• Raise awareness of data protection for clinical teams
• Understand how GDPR applies to clinical research
• Know the role and responsibilities of clinical research professionals
• Know the roadmap to design a GDPR compliant clinical study

This course includes a final QUIZ and a personal Certificate of completion.

WHO SHOULD ATTEND?

Anyone who works with health data and understands the basics of the GDPR . This course has been created specifically for those people because health data are considered sensitive data under the GDPR and should be protected with extra care. It is essential to understand how the European Regulation on Data Protection applies in order to know your role, take appropriate precautions, ensure that patient rights are respected and be Audit ready.

It may concern every person from :

• Post Marketing activities
• Medical Affairs
• Regulatory Affairs

Why take this course?

This course has been specifically designed by experienced Data Protection Officers and Clinical Research Professionals for people managing personal health data who would like to understand their role in this European Regulation and its implementation

Prerequisites

Please note that basic knowledge of the GDPR is needed to take full benefit from this course. You can acquire this by following our “ Introduction to the GDPR” course

How it works

You will start with the key concepts of the GDPR applied to clinical research, followed by how to apply them in the context of a clinical study, i.e. what to do and when to do it.

This course is a very practical training, composed of interactive questions and study cases.

Languages ​​available

English French You can contact us for a translation of this training

The prices of our trainings are decreasing according to the desired quantity

DPO of a Clinical Research Organisation Clinical (ClinOps, Data Management, Biometrics Medical Writing, etc.) Post Marketing activities Medical Affairs Pharmacovigilance Regulatory Affairs Quality Management Compliance Regulatory Affairs

Why participate in this e-learning?

Continuous learning, group prices, certificate, interactive experience, developed by gdpr experts.

Ready to take up the challenge?

Contact us for any group purchase request or additional questions about the different courses

We have other trainings for you

Introduction to the GDPR

1h10min | Available in 5 languages

Data Protection for Investigators and Study staff

45min | Available in english

Data Security

30 minutes | Available in 1 language

Final Quizz

Each course includes a final quiz to validate your skills

Completion Certificate

Succeed to the Quiz to obtain your certificate and be able to prove your GDPR training!

Share your certification

You can publish your certificate on LinkedIn and share your success.

Powered by MyData-TRUST

MyData-TRUST is a company specialized in Data Protection, especially in the GDPR. The aim of MyData-TRUST is to provide strategic, operational and organisational support, making an important contribution both legally and technically to the success of your Data Protection implementation and your company as a whole.

• BE +32 (0)7841 709580
• FR +33 (0)7841 709580
• [email protected]
• MyData-TRUST

© 2021 E-Learning GDPR • TVA : BE0678.930.912

Privacy Overview

[email protected]

Gdpr for clinical trials and patients.

Download Course Summary Leaflet

This professionally developed, interactive and engaging online training course has been updated for 2022! It examines the implications of the General Data Protection Regulation (GDPR) that became effective in May 2018 on Clinical Research.

It is suitable for everyone working within Clinical Trials and relevant for patients considering participating in a trial.

Ensuring Clinical Trials are executed to the latest regulatory standards and the highest quality is essential. Companies must ensure that their internal policies are aligned with the regulations defined in the GDPR and avoid non-compliance, the associated penalties and the impact on trial progress.

This course will provide you with a certificate to add to your CV/portfolio to demonstrate that you are up to date with this regulation.

Learning Objectives

• Understand what is meant by Data Protection and the privacy principles
• Gain an understanding of GDPR
• Understand the implications of GDPR for citizens including data subject rights
• Understand the implications of GDPR for Clinical Research
• Discover what you need to do to ensure compliance with the GDPR

Course Content

Course navigation, course support.

This site uses session cookies and persistent cookies to improve the content and structure of the site.

By clicking “ Accept All Cookies ”, you agree to the storing of cookies on this device to enhance site navigation and content, analyse site usage, and assist in our marketing efforts.

By clicking ' See cookie policy ' you can review and change your cookie preferences and enable the ones you agree to.

By dismissing this banner , you are rejecting all cookies and therefore we will not store any cookies on this device.

GDPR guidance

The general data protection regulation (gdpr) came into force on 25 may 2018..

This operational guidance has been produced for researchers and study coordinators on the implications of the GDPR for the delivery of research in the UK.

It has been prepared in collaboration with a range of stakeholders, and reviewed by the Information Commissioner’s Office. The HRA is the body nominated to publish guidance on the implementation of the General Data Protection Regulation and Data Protection Act 2018 for health and social care research.

In most cases the impact on individual research projects will be limited. This guidance is aimed specifically at researchers and study coordinators managing individual research projects, and will therefore be of interest to site and sponsor research managers supporting them. 

The HRA has also published separate guidance relevant at an organisational level for NHS R&D offices, university research offices, company senior managers, Data Protection Officers (DPO), or information governance leads / security architecture leads.

Note: In this guidance, NHS is used to also refer to HSC organisations in Northern Ireland.

Using this guidance

The menu on the left allows you to move between different sections, or by clicking on the blue 'Next' buttons you're able to work through all of the guidance from start to finish.

We will continue to add to the guidance, so please check back for new information.

Read: Janet Messer, HRA's Director of Approvals Service, blogs about what's changed in the latest update

Alongside this guide, we have also produced several templates that may be useful:.

• Privacy notice
• Terms & conditions
• Accessibility statement
• Feedback or concerns

• Sapphire House, Laborie, St Lucia
• 0131 678 6740
• [email protected]

Computer Law Training

Training and consultancy in data protection and GDPR

Data Protection for Clinical Trials and Medical Research

This is an advanced course, focusing on data protection and clinical trials. It discusses the implications of data protection legislation for the conduct of clinical trials and wider medical research.

This means that, in order to deliver focused content in context, t he course assumes you have a basic understanding of data protection.  So, if you do not have this, we strongly recommend that you take our Introduction to Data Protection and the GDPR course first.

If you are involved with clinical trials you are inevitably handling large amounts of very sensitive personal data . As clinical trials are normally international, this data comes from several d ifferent countries. So international data transfer issues are likely to be very complex .  Also, the subjects of the trials are becoming increasingly concerned about what companies do with their personal data. Of course, in addition, clinical trials take place in a heavily regulated context, so data protection compliance is very important.

The course is principally based on UK legislation (UK GDPR and DPA 2018) but also takes account of differences with the EU GDPR and the proposed changes in the UK DPDI Bill.  It also considers the relevant requirements of the Clinical Trials Regulation (CTR) and any official guidance.

Data Protection and Clinical Trials Course content includes:

• brief overview of data protection principles and legal bases
• Private vs public sector
• Confidentiality
• record keeping for consent
• privacy notices for participants
• data subject rights in context
• processor (vendor) contracts and third party risk management
• international transfers – the problem areas and potential technical solutions
• CTR requirements
• pharmacovigilence
• exemptions permitted by GDPR, specified in the Data Protection Act 2018 and similar legislation

• current developments in the UK
• Q&A (preferably dealt with throughout the course)

At Computer Law Training we have extensive experience of delivering data protection training at all levels and have worked with clinical trials companies, providing both training and compliance support.  Although some of the issues do not yet have definitive answers, the course will help you justify your data protection decisions.

Course numbers are limited to 12 and the course is delivered on Zoom , where a ttendees will be expected to use a webcam. Together with Zoom’s chat facility, this allows interaction with the trainer and with other attendees.

To check available dates and price for Data Protection and Clinical Trials see our course availability page . Alternatively, get in touch to find out more.

Cookies & Privacy

Researcher approvals and training

Find details about approved organisations and mandatory training for researchers below.

Introduction

Researchers requiring access to secure datasets will need to remain affiliated with an approved organisation and ensure that their training remains valid throughout the length of their projects. On this page, you'll find details on approved organisations in the UK, mandatory training for researchers and additional approvals that may be required for your project.

Approved organisations

One of the conditions for researchers to gain direct access to secure data is institutional affiliation. You must remain employed or affiliated with an approved organisation throughout the length of your research project.

Approved organisations are currently limited to UK-based public sector organisations, namely, select universities, the NHS, Local Authorities and the Scottish Government. Researchers from other organisations, including commercial and industry, can partner with an approved institution or the eDRIS team for analyses to be carried out on their behalf.

More information on approved institutions can be found on the eDRIS website under 'People affiliated with a trusted organisation' .

If you are a researcher affiliated with an approved UK organisation, use our pre-application checklist to see if you have everything you need to apply for secure access to data. 

Researcher training and panel permissions

Data providers will require researchers to complete specific training courses before accessing secure data. Mandatory training will vary depending on the type of data a researcher needs. Some data providers will include a list of approved courses in their guidance notes and/or application forms. Researchers should check with their data provider to determine which course they must complete.

In general, researchers will be expected to complete and provide proof of information governance and data protection training. Find details on common training modules and requirements for different panel permissions below. 

HSC-PBPP training and guidance for researchers

The Health and Social Care Public Benefit and Privacy Panel (HSC-PBPP) undertakes information governance scrutiny of requests to access NHS Scotland (NHSS) or NHS Central Register (NHSCR) originated data for a variety of purposes. You must complete an application if your research project requires any NHSS originated data relating to individuals, derived from information relating to individuals, or of a sensitive nature.

Researchers should familiar themselves with the guidance on applying for HSC-PBPP approval (Word document download) , which outlines the application and approvals process, as well as required information governance (IG) training.  

Information governance (IG) training

Evidence of IG training is an important aspect of all data access applications, providing assurance that individuals are aware of the privacy, confidentiality, data protection and Caldicott implications of working with personal health data. IG training is typically mandatory in NHSS boards and if you have a contract or honorary contract with an NHSS board, you should have undertaken IG training.

HSC-PBPP requests that IG training is updated every three years, regardless of the timeframe for which a training provider ascribes validity. All researchers accessing secure data must have valid IG training throughout the duration of their project. If your IG training will expire before your HSC-PBPP approval expires, your training must be renewed in sufficient time to continue to access the data.

Details of selected approved IG training courses are below. Please note this list is not exhaustive and panels may accept other trainings. Please see individual panel guidance for further details.

Medical Research Council (MRC) online training: Research, GDPR and confidentiality

The Medical Research Council (MRC) offers the free online training course “ Research, GDPR and confidentiality – what you really need to know ,” which comprises a series of 10 bite-sized e-learning modules accompanied by supplementary resources and a quiz. To access this training and quiz, you must first register for an account.

Applicants should go through all the modules and pass the quiz. Each module has a dotted box next to it. A tick will appear in this box when the module has been completed. Screenshots of these ticked boxes should be sent to your eDRIS Research Coordinator alongside the certificate showing that you have passed the quiz.

Office for National Statistics Safe Researcher Training (ONS-SRT)

The 4-hour online course ONS Safe Researcher Training is offered in Scotland every month jointly by eDRIS and SCADR. On this course, you will gain an understanding of the different types of Statistical Disclosure and learn about different statistical techniques to deal with them. You will learn the importance of protecting confidentiality and the about the Five Safes framework, which many data providers use to keep data safe.

Please note that while the training provider states that this training is valid for five years, the HSC-PBPP still requires IG training to be updated every three years. Therefore, you will need to renew your ONS-SRT training by passing the online test again at the three-year mark.

SCADR provides further guidance on the ONS-SRT, including how to apply for this training and available dates, linked in the section below. 

SCADR training guidance for researchers

The Scottish Centre for Administrative Data Research (SCADR) website provides guidance on training researchers will need to complete when applying for access to administrative data. This guidance will shortly be updated.

SCADR offers specific guidance on accessing the following two courses:

• Office for National Statistics Safe Researcher Training (ONS-SRT)  
• An Introduction to Data Science for Administrative Data Research (IDS-ADR)  

Additional approvals you may need

In addition to meeting the above conditions and applying for data access through the Public Benefit and Privacy Panel (PBPP), researchers will occasionally require additional approvals depending on the type of secure data required for their projects. Please note the following list is not exhaustive. You should always check with your local organisation to gauge if additional approvals are needed.

Ethical/Research Ethics Committee (REC) approval

Ethical approvals are not specific to research but may be required for your study. It is best to check with your local ethics committee to confirm this. If you are performing an audit, as opposed to research, you will not require ethical approval.

For secondary analysis of NHS Scotland data, eDRIS can facilitate research that meets the criteria below because Public Health Scotland has sought and achieved a favourable ethical opinion from the East of Scotland NHS Research Ethics Service. To meet the conditions, the research study should: 

• be in the field of health or social care research; 
• not involve any contact with research participants/subjects; 
• have undergone scientific peer review; 
• include data held in and accessed via the Scottish National Safe Haven; 
• be carried out by UK based researchers only 

Please note that the eDRIS team must submit an annual report to the NHS Research Ethics Service that documents all studies that have been undertaken using national level, de-identified data for health and social care research.

R&D approval

If your research involves the use of any resources from a territorial health board, then R&D approvals may be required, and you should approach relevant R&D office for confirmation. If your study requires data held only at national level by PHS, R&D approval from your local health board is not required.

Caldicott approval

You will not have to apply to the NHS Scotland Public Benefit and Privacy Panel (PBPP) if you are an NHS Board employee requesting a data extract of patients resident in your NHS Board area or patients treated within your NHS Board area. Instead, you will be asked to complete a confidentiality statement and obtain a signature from your local Caldicott Guardian or Medical Director.

Approvals from other nations

Approvals from other nations in the UK might be necessary if a project is being conducted with patient data from other nations. Your eDRIS Research Coordinator will be able to further advise on necessary approvals if this is the case. 

More resources

Edris researcher support services.

Discover how we work together with our eDRIS colleagues to provide data access support.

Information governance for researchers

Discover key principles and legal considerations of information governance (IG) when accessing data.

Trusted Research Environments

There are a range of trusted research environments (TREs) in Scotland providing access to secure data. 

Research data security

Find help for navigating data security as you work with secure and sensitive data for your research project.

Research for public good

Learn about the concept of public good and how research projects must deliver clear benefit to the public.

Terminology for researchers

Our list of common terms will help you understand more about how public sector data is used for research.

Was this information helpful?

Thank you for your feedback..

You have characters remaining

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

• Publications
• Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

• Advanced Search
• Journal List

General data protection regulations (2018) and clinical research: perspectives of patients and doctors in an Irish university teaching hospital

Matthew g. davey.

The Lambe Institute for Translational Research, National University of Ireland, Galway, H91YR71 Ireland

John P.M. O’Donnell

Elizabeth maher, cliona mcmenamin, peter f. mcanena, michael j. kerin, nicola miller, aoife j. lowery.

Europe’s General Data Protection Regulation, or GDPR, is a set of data protection rules on the acquisition, storage, use, and access of personal data. GDPR came into effect in May 2018 when it was introduced across all 27 European Union (EU) member states and the European Economic Area (EEA). Maintaining compliance with this legislation has presented significant new challenges for ongoing clinical research.

To evaluate the knowledge and expectations of patients and doctors regarding GDPR and implications for future clinical research.

An anonymous 12-item questionnaire was circulated to patients and doctors at a University Teaching Hospital. Data analysis included descriptive statistics.

Five hundred nine participants were included: 261 females (51.3%) and 248 males (48.7%). Three hundred fifty were patients (68.8%) and 159 were doctors (31.2%). Three hundred thirty-four participants were aware of GDPR (65.7%): 116 doctors (73.0%) and 218 patients (62.3%, P  = 0.018). 71.1% of doctors were willing to allow their personal data to be processed anonymously as part of a clinical research project compared to 43.4% of patients ( P  < 0.001). 80.2% of patients believed explicit consent is needed before using personal data in clinical research in comparison to 60.4% of doctors ( P  < 0.001). Level of education impacted awareness of GDPR ( P  < 0.001); a higher level of education among patients increased GDPR familiarity ( P  < 0.001), however failed to impact doctor familiarity ( P  = 0.117).

GDPR has introduced complexity to the processing and sharing of personal data among researchers. This study has identified differences in the perception of GDPR and willingness to consent to data being used in clinical research between doctors and patients. Measures to adequately inform prospective research participants on data processing and the evolving landscape of data protection regulation should be prioritised.

Introduction

On the 25 May 2018, legislation regarding General Data Protection Regulations (GDPR) was introduced by the European Union (EU), replacing previous data protection laws across Europe [ 1 ]. Implementation of these laws was carried out over a staggered 2-year transitional phase across the 27 member states. Initial aspirations for the implementation of the GDPR mandate were to assure European citizens optimal privacy and protection of their personal data, as well as to minimise data breaches which pose a constant threat to personal privacy in today’s data-driven world with many people routinely sharing personal information freely online [ 2 ]. GDPR proposed a framework for safeguarding confidential personal information in response to the increasing dissemination of information and the exponential increase in methods of accessing such data. GDPR covers ‘any information relating to an identified or identifiable natural person (‘data subject’)’ (i.e. names, surnames, home address, email address, or an identifier number or data held by a hospital/doctor that could be used to identify a living individual). Additionally, ‘sensitive’ personal data, described in Article 9[ 1 ] GDPR include data pertaining to ethnicity, sexual orientation, religious beliefs, trade union membership, and genetic data (chromosomal/DNA) derived from biological samples. The strict interpretation of some of these new legislative changes (in particular, the addition of the Health Research Regulations (HRR) in the Republic of Ireland (ROI)) has the potential to impede clinical research by creating new barriers to overcome in terms of patient consent as well as a lack of clarity in relation to the capacity of international collaborators to share research data [ 3 , 4 ].

In clinical research, data relating to patient-specific demographics and clinicopathological, therapeutic, and disease-related outcomes are fundamental to robust investigation of epidemiology, disease patterns, and response to existing and novel therapeutic strategies. While the use of personal data is central to all research endeavours, for academic clinicians and medical scientists, the use of identifiable, patient-specific data is indispensable for research which requires long-term follow-up of patient outcomes from a specific disease process or following a particular treatment/intervention [ 5 – 7 ]. There is concern among the clinical research community that the most recent data protection regulations may provide inherent obstacles for stakeholders involved in performing clinical research in Ireland. These include the mandatory requirements for project-specific ‘explicit consent’ for each data subject (or participant) before inclusion in research, the reconsenting participants for inclusion in studies using biobank/archived material, or for inclusion in retrospective studies [ 4 , 8 , 9 ]. The efforts of the HRR coincide with GDPR in relation to health-related research, outlining suitable and specific safeguards required when processing personal data for health research in the ROI [ 4 ]. It is anticipated that these new regulations will reduce data breaches; however, the full implications of the new restrictions are yet to be determined; under current regulations, the right to erasure (Article 17.3) directly conflicts with and impedes the principles of clinical research [ 10 , 11 ]. Additionally, the mandatory requirement to obtain further consent should the research project aims change removes the flexibility that is so crucial to performing dynamic and relevant clinical research. Furthermore, increasing restrictions regarding data sharing are likely to render international collaborative projects increasingly more difficult to establish and run, which may lead to clinicians relying on smaller patient data from single centres, reducing the robustness of results obtained.

Although HRRs are explicit, the views and perspectives of clinicians and patients in relation to GPDR and its potential implications for clinical research are less certain. The aim of this study was to evaluate the views and perspectives of patients and doctors as to how personal data is processed following the introduction of GDPR and their preferences in this regards as well as the potential implications of its introduction for future clinical research.

Local ethical hospital approval was obtained from the Clinical Research Ethics Committee (CREC) at Galway University Hospital (GUH). A 12-item questionnaire was designed with respect to demographic, research experience, and prospective of GDPR, as well as questioning pertaining specifically to consent (Fig.  1 ). At present, there are no validated questionnaires for the investigation of this topic in existence. Each participant was asked to participate in the study having been addressed by one of the four independent data processors (EM, CM, MGD, and JPOD) during October 2019–September 2020. Doctors working in GUH were invited to partake in the study while at work in the hospital. Patients attending medical and surgical outpatient clinics were also invited to partake in the study at the time of their hospital visit. Each participant conducted the survey in writing, with no external questioning from researchers. No participants were recruited to undertake the study through electronic surveys, and no incentive was offered to any participants for their participation in the survey. The Irish National Framework of Qualifications (NFQ) was used to classify levels of education [ 12 ].

Questionnaire distributed to participants in this study

Data was stored on a password protected file on a password protected computer in the partner academic institution. All data retrieved was anonymised. Data protection was in full compliance with EU GDPR guidelines (2018). Data analysis was performed using Statistical Package for the Social Sciences (SPSS) version 26.0. Fisher’s exact (†), Chi-squared (χ 2 ), and one-way analysis of variance (ANOVA, ‡) tests were used as appropriate.

Demographics

There were 509 participants included in this study; of these, 261 were female (51.3%) and 248 were male (48.7%). There were 350 patients (68.8%) and 159 doctors (31.2%) participating in this study. Details of clinical, educational, and previous research characteristics of participants are outlined in Table ​ Table1. 1 . Of the doctors included in the study, 108 were interns (67.9%), 33 were senior house officers (20.8%), 14 were registrars (8.8%), and 4 were consultants (2.5%).

Clinical, educational, and research characteristics of participants in this study

SD standard deviation, GDPR General Data Protection Regulations, † Fishers’ exact test, ‡ one-way analysis of variance, χ 2 Chi-squared test.

* Denotes statistical significance.

Subgroup analysis: participants and GDPR

Overall, 159 participants had previously consented to allow their data to be used in clinical research (31.2%, 159/509). Of these, doctors were more likely to have agreed for their data to be used in clinical research (51.6% vs. 22.0%, P  < 0.001 †). Overall, 334 participants (65.7%) were aware of GDPR implementation, and doctors were more likely to have awareness (73.0%, vs. 62.3%, P  = 0.018 †). There was no difference between in the degree of familiarity with the more granular/specific details of data privacy rights between doctors and patients ( P  = 0.329 χ 2 ) (Fig.  2 ). Doctors were significantly more willing to allow their personal data be used as part of a clinical research project, provided the data is anonymised (71.1% vs. 43.4%, P  < 0.001 χ 2 ) (Fig.  3 ).

Patient and doctor familiarity with their data privacy rights

Patient and doctor willingness for with their data to be used

Subgroup analysis: clinical research

Doctors were significantly more likely to believe explicit consent should be obtained to gather information from a patient’s medical notes and used in clinical research projects (80.2% vs. 60.4%, P  < 0.001 †). Both cohorts were as likely to believe consent should not be obtained a second time, should the aims of the clinical research project change or for the information to be used in a different project (52.6% vs. 44.0%, P  = 0.152 †). Doctors were significantly more likely to allow their data to be used in an international research collaboration (91.8% vs. 72.6%, P  < 0.001 †). When assessing patients and doctors independently, being involved in previous research projects impacted patient awareness of GDPR ( P  = 0.031 †), however did not impact doctors awareness of GDPR ( P  = 0.286 †). Being involved in previous research was positively associated with both patient and doctors willingness to become involved in future research projects ( P  = 0.002 and P  = 0.027 respectively, both †).

Subgroup analysis: education level

Level of education impacted awareness of GDPR ( P  < 0.001, χ 2 ); both patients and doctors with a higher level of education were more likely to be aware of GDPR ( P  < 0.001 and P  = 0.027, both χ 2 ). Higher level of education among patients increased their familiarity with GDPR ( P  < 0.001, χ 2 ), however failed to impact doctor familiarity with the regulations ( P  = 0.117, χ 2 ). The level of education impacted the willingness of participants to allow for their personal anonymised data be used as part of a clinical research ( P  < 0.001, χ 2 ). Doctors with higher levels of education were willing to provide their anonymised data in clinical research ( P  = 0.014 χ 2 ), however level of education did not alter patient willingness to do so ( P  = 0.219, χ 2 ). Higher level of education among patients failed to increase their willingness have their data shared in an international research collaboration ( P  = 0.358, χ 2 ), however did impact doctors willingness ( P  < 0.001, χ 2 ).

The current study demonstrated the views and perspectives of patients and doctors towards the newly implemented data protection regulations. The level of education received by participants seems to have impacted patient’s awareness of new data protection regulations and familiarity with the details of GDPR, as well as patients’ willingness to contribute their anonymised data towards international research collaborations. Doctors were slightly better informed than patients in relation to the importance of GDPR in clinical practice; however, 27% of doctors admitted to being unaware of the regulations, despite the regulations being implemented into practice by the European Union since May 2018 for citizens of the EU. Since then, academic and medical institutions have been expected to comply with regulations when processing patient data for clinical and research purposes. These prove to be worrying findings; initial aspirations for GDPR were ‘to provide rules for the protection of the personal data of natural persons and the processing of their personal data’, and the current study highlights only a moderate awareness of GDPR among both patients (63%) and doctors (73%). With this in mind, the anticipated obstruction to clinical research seems to be of secondary importance as it remains crucial that doctors and patients are careful to protect data in the clinical setting, in order to prevent data breaches [ 4 , 8 , 9 , 13 ].

In this analysis, 27% of doctors and 40% of patients reported being unaware of GDPR legislation, with both illustrating comparable familiarity with data protection rights. This represents some concerning findings; doctors are expected to process large volumes of sensitive patient data on a daily basis, where protection of healthcare data is of the greatest importance. Furthermore, there has been a vogue in recent times to educate healthcare staff of the importance of data protection [ 14 ], with Ireland’s health service executive (HSE) attempting to educate their staff of GPDR and its implications for their clinical work [ 15 ]. Thus, it is surprising that a large proportion of doctors admit unawareness in relation to data protection. However, acknowledgement for several other confounding factors which impact awareness of GDPR must be accounted for: Markopoulou et al. highlighted level of education to impact upon awareness of GDPR [ 16 ], which is replicated by data in the current study, with levels of education correlating with the both patient and doctor’s awareness and understanding of the significance of GDPR. Furthermore, in our patients, the level of education received impacted awareness of GDPR ( P  < 0.001), which brings into question the delivery of information to our patients with respect to issues such as data protection, as well as in relation to the day-to-day discussions on topics such as disease diagnoses, prognoses, and management. O’Sullivan et al. performed a quantitative analysis illustrating the complexity of clinical research patient information leaflets/informed consent forms when compared to traditional readability criteria [ 17 ] and health literacy-based tools [ 18 ], which somewhat explains the difficulties people have in understanding the importance of complex issues, such as data protection. GDPR Article 5 indicates that personal data should be processed in a lawful, fair, and transparent manner [ 3 ], which highlights that efforts must be made to ensure concise and coherent education of patients in language which is deemed appropriate for the recipients to understand, without overcomplicating delivery unnecessarily.

While 40% of patients admit a deficit in awareness of GDPR, further data from the current analysis suggests 27% doctors are unaware of new data protection regulations. This is extremely concerning: Efforts from governing bodies such as the Royal College of Physicians of Ireland, Royal College of Surgeons in Ireland, and the Irish College of General Practitioners have made efforts to educate doctors of the significance of GDPR for their clinical practice [ 19 – 21 ], as have the HSE through mandatory online learning modules for staff [ 15 ]. Moreover, the Irish Medical Journal has attempted to educate readership through editorial commentary regarding GDPR and its implications for clinical practice [ 22 ]. Despite these efforts, a 2020 study from Wallace et al. reported that almost 90% of Irish non-consultant hospital doctors (NCHDs) believe specific training in the fields of GDPR and Irish research regulations would be useful, although only 25% described having received such training [ 23 ]. This is surprising as the HSE has implemented online training modules which are specific to GDPR implementation and expected practice [ 15 ]. In Wallace’s study, doctors suggested a lack of educational resources, information, and training opportunities for clinicians in relation to data protection. Data from Wallace et al. indicate that 89% of clinicians are keen for involvement in clinical research, while 87% believe the participation of doctors in clinical research being ‘important.’ In spite of this, results from the present study suggest only 1/6th of doctors believe they are ‘very familiar’ with GDPR regulations; this highlights the potential for significant data breaches in the setting of clinical research, and the fundamental requirement for an in-depth understanding of GDPR for any stakeholder in the clinical research [ 4 ]. Furthermore, a study from Corbett et al. illustrated the requirement for junior doctors working in an Irish hospital to receive education in relation to electronic data protection in healthcare [ 24 ]. Thus, novel strategies educating both doctors and patients may be warranted, or making a conscious effort in clinical areas to provide HSE data privacy statements in clinical areas to ensure transparent processing of patient data in our hospitals. These efforts may be successful in heightening the appreciation for GDPR implementation in our workplace, in order to counteract potential preventable data breaches in future.

In the current study, approximately 60% of doctors and 80% of patients believed explicit informed consent to be an essential component in the recruitment of participants into clinical research studies. The informed consent process is a critical cornerstone of the ethics underpinning medical treatments, surgical procedures, and participation in clinical research [ 25 ]. Prior to May 2018 in Ireland, a data subject was not required to provide explicit consent for inclusion in a clinical research study, and data processing was permitted using consent naïve data. Since the implementation of GDPR, Irish legislation via the HRR requires data minimisation, pseudo-anonymisation, and anonymisation where possible, and explicit consent from the data subject being a mandatory prior to inclusion in clinical research [ 1 , 2 , 4 ]. This differs from other European states where explicit consent is not a requirement, as set out in Article (89) 1. Although the ROI has introduced less lenient (or more ‘obstructive’) regulations than other member states, 281 of the 350 included patients believe this to be appropriate, reiterating positive aspects to strict GDPR implementation. Debate in recent times suggests modification, or indeed reformation, of the current informed consent process for clinical research, and deliberation of such changes is underway as we attempt to compete with the ever-evolving challenges in an environment becoming increasingly exposed to medicolegal hazards [ 26 , 27 ]. On the contrary, over 50% of doctors and patients included in this study believed that a second formal consent process is unnecessary to use personal data for another project. This projects the potentially ‘disruptive’ nature of GDPR in the setting of biobanking, cross-border data transfer, and databanking, all processes which have been restricted since the implementation of GDPR [ 28 ]. The sequelae of this are yet to be observed; however, a forecasted reduction in the volume and impact of clinical research is possible. Thus, the requirement to obtain further consent, should the aims of the project change from the initial aspirations, represents a significant practical barrier to research brought in by EU’s GPDR 2018.

Three-quarters of patients and over 90% doctors were willing to allow their clinical data to be used in international research collaborations. The amalgamation of large volumes of pooled data is central to delivering the highest quality scientific evidence to enhance diagnostics, guide therapeutic decision making, and inform patient prognosis. Fostering international collaborations between research institutions is vital to allow large prospective research projects to progress. The strict interpretation of this legislation may be questioned as to what benefit it ultimately provided to patients while representing a potentially unnecessary obstacle to research.

The study suffers from being conformed from a single-centre questionnaire, including only 12 data points, which limits the conclusions which can be drawn from this analysis. Within this study, we evaluated the two very different participating subgroups (patient mean age 60.2 years vs. 26.9 years for doctors) with varying levels of education received. However, in spite of this, we present real-world views and perceptions of patients and doctors regarding GDPR, using the first ever GDPR questionnaire.

The implementation of the EU GDPR and the Irish HRR has introduced additional complexity relating to the processing and sharing of data among researchers. This study has identified differences in the perception of GDPR and willingness to consent to data being used in clinical research between doctors and patients. Measures to adequately inform prospective research participants on data processing and the evolving landscape of data protection regulation should be prioritised, with emphasis upon the conscious processing of patient data in a transparent manner, with the formal implementation of GDPR education strategies to envisage how clinical research may be carried out in a safe and GDPR compliant manner in the future.

Access funding provided by the IReL Consortium.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

• Top 10 Florida Hotels
• Hotel Deals
• Priceline Orlando Deals
• I want to I WANT TO
• Ask & Answer
• Rant or Rave
• Find & Review
• Claim & Promote

Cognitive Research

Cognitive Research Edit

Medical research.

miles from you

• 1 Progress Plaza # 1230
• Saint Petersburg, FL 33701
• (727) 897-9000

Working Hours:

Claim your business page and access your free Florida.com Business Owners account.

• - Immediately update business information
• - Respond to reviews and privately message customers
• - See the customer leads your business page generates

Other great stuff nearby

Mr.Empanada

Cognitive Research #1958977

Whaddaya wanna do today, see what people are talking about your business.

Add your business to florida.com and grow...

Plan your dream vacation now!

Powered by Priceline Partner Network.com

Discussion on Florida

Travel advice.

St Petersburg

Snorkeling Key Largo

Saving Money

Free VIP Membership. Save Now.

Thanks for helping to keep Florida.com civil!

This image is really bad :( .

• --> Sitemap -->