# Data protection laws and policies

There are a number of resources available that can help you understand which laws and regulations are applicable in which geographies (your jurisdiction), for example:

* The [Assessment of the EU Member States’ rules on health data in the light of GDPR report](https://ec.europa.eu/health/sites/default/files/ehealth/docs/ms_rules_health-data_en.pdf) explains how data protection regulations are applied for European citizens. The EU's [General Data Protection Regulation (GDPR)](https://ec.europa.eu/info/law/law-topic/data-protection_en) is extraterritorial legislation, meaning it applies to any entity in any country that is managing the data of European citizens, even if that entity does not have an office or base in Europe.
* The [International Association of Privacy Professionals’ (IAPP) privacy law mapping chart](https://iapp.org/resources/article/global-comprehensive-privacy-law-mapping-chart/) maps data protection laws globally.
* The [United Nations Conference on Trade and Development's data privacy regulation trackers](https://unctad.org/page/data-protection-and-privacy-legislation-worldwide) are also useful for understanding the key provisions of data protection legislation in each country.

**Key questions to ask:**

* In which countries will the project collect, access, use or share data? How many jurisdictions will the project cover? Will data be stored or processed in a different jurisdiction from where the organisation is located?
* What are the main privacy or data protection laws, policies and regulations that may impact the collection, access, use or sharing of personal data and/or anonymised data between different organisations in your jurisdiction or across jurisdictions?
* Which organisations are responsible for enforcing data protection laws and other laws that might affect the use of health data? For example, the Information Commissioner's Office (ICO) in the UK.
* What consent or legal basis is needed to collect, access, use or share existing health data? Are there conditions under which data may be shared without explicit consent, for example for public health emergencies or for non-profit research?

**Useful resources:**

* The DLA Piper [database](https://www.dlapiperdataprotection.com/index.html) of data protection laws of the world.
* OneTrust [DataGuidance resources](https://www.dataguidance.com/) for privacy and regulatory context research.
* A [video](https://www.youtube.com/watch?v=mktAtHmy-FM) describing the ‘personal health train’, and defining data protocols and considerations based on FAIR principles and securing privacy.

