Data protection laws and policies

A number of resources can help you understand which laws and regulations apply in which geographies (your jurisdiction); examples are listed under "Useful resources" below.

Key questions to ask:

  • In which countries will the project collect, access, use or share data? How many jurisdictions will the project cover? Will data be stored or processed in a different jurisdiction from where the organisation is located?

  • What are the main privacy or data protection laws, policies and regulations that may impact the collection, access, use or sharing of personal data and/or anonymised data between different organisations in your jurisdiction or across jurisdictions?

  • Which organisations are responsible for enforcing data protection laws and other laws that might affect the use of health data? For example, the Information Commissioner's Office (ICO) in the UK.

  • What consent or legal basis is needed to collect, access, use or share existing health data? Are there conditions under which data may be shared without explicit consent, for example for public health emergencies or for non-profit research?

Useful resources:

  • The DLA Piper database of data protection laws of the world.

  • OneTrust DataGuidance resources for privacy and regulatory context research.

  • A video describing the ‘personal health train’, and defining data protocols and considerations based on FAIR principles and securing privacy.
