One of the biggest issues I find when assessing proposals or talking to DHACA members is that there is still a significant misunderstanding of the importance of building data protection in at the very start of any development plan. The UK’s Data Protection Act (“DPA”) essentially mirrors the GDPR and adds further to it; leaving the EU has not resulted in any significant change in impact.
It is therefore particularly appropriate that Brown Rudnick kindly offered to deliver our XVIIIth webinar, on Data protection, the top tips for digital health companies.
Particular issues covered included:
- The EU GDPR is no longer applicable to processing in the UK unless caught by its extra-territorial provisions;
- However “UK GDPR” is essentially the same as EU GDPR, based on the DPA 2018 and the Brexit laws which retained certain EU legislation and case law;
- The EC is planning changes to the laws relating to data transfers, data governance, e-privacy;
- The European Data Protection Board has issued actual and draft guidance on GDPR and health research;
- The EU/US privacy shield still down – there is no sign of a quick solution;
- The EC has issued a draft EU/UK adequacy decision which is in process; meanwhile data can flow from the EU to the UK on the basis of the Withdrawal Treaty.