Scientific research in general, and biomedical research in particular, are activities of general public interest, given the benefits they bring to society as a whole. For this reason, the treatment of personal data for scientific research purposes, both in the public and private spheres, and especially in the context of clinical trials, should be approached from a broad perspective that allows secondary uses of the data. directed to open new lines of research, carry out new safety studies requested by the authorities or validate the original results, among others.
This broad use of biomedical research data, explicitly recognized in the General Data Protection Regulation itself, does not exempt those responsible for its treatment (the center and the trial sponsor) from offering participants the maximum guarantees of protection of your right to privacy.
“The regulations in force in Spain regarding data protection and clinical trials constitute a solid legal guarantee for research participants, and at the same time allow the use of biomedical big data for the benefit of society as a whole”, highlights Amelia Martín Uranga, responsible for the Platform of Innovative Medicines of Farmaindustria, that participated this Thursday in Valencia in the day University research and regulatory compliance of the RGPD, organized by the Chair of privacy and digital transformation Microsoft-UV, in which numerous meetings were held experts from the health, business, university and media fields.
One of the main safeguards in this area is the obligation, on the part of the center and the promoter of the trial, to carry out their corresponding impact assessments on data protection (EIPD) with the participation of their respective data protection delegates. “This tool – highlights Martin – is key to ensure the maximum protection of biomedical data of the participants in the trials, since it includes elements such as the analysis of the data coding process, the consequences for participants of access, loss or modification of data, or risk management measures, among other aspects “.
In this context, the industry is positively evaluated the recent publication by the Spanish Agency for Data Protection (AEPD) of the list of personal data treatments in which the performance of an EIPD is mandatory; among them is the treatment of health data, genetic data and treatments that involve the use of large-scale clinical information.
In any case, all participants in a biomedical research project must ensure that throughout the same the data protection principles contemplated both in the Regulation and in the new Organic Law on Data Protection are complied with, although the application of the principles has to be modulated according to the different circumstances in which each of the agents involved (center, promoter, principal investigator, auditor, responsible for monitoring, etc.) access personal data. “It is also important to try to harmonize concepts so that the responsibilities of each party in the contract between the promoter and the center where the trial will be developed are clear,” says Martín.
Another central element in this new legal framework is the Delegate for Data Protection, a key figure that plays an important role as guarantor of compliance with data protection regulations in biomedical research projects, for example, to facilitate compliance with the same through new instruments such as the aforementioned impact evaluations.
A sector committed to biomedical research
Finally, the representative of Farmaindustria stressed that for the pharmaceutical industry the development of preclinical and clinical research in collaboration with public and private academic and health institutions is key to carry out the R & D of new medicines.
For this reason, the sector invests more than 1,100 million euros each year in Spain (the figure rose in particular to 1,147 million in 2017) on the basis of an open innovation model, which means that approximately half of these funds are destined to Research contracts with hospitals, universities and other public and private centers.
Distefar supports the need for conferences such as those held in Valencia under the title “University research and regulatory compliance of the RGPD”