U.S. Department of Health and Human ServicesHHS National Institutes of HealthNIH National Center for Advancing Translational SciencesNCATS
Home

Learn About Ethical and Legal Aspects

Be Informed of International Laws

General Data Protection Regulation (GDPR)
What is the GDPR?
The GDPR is a regulation that sets guidelines for collecting and processing personal information from individuals who live in the European Union (EU) and the European Economic Area. The 27 member countries  of the EU share a set of economic and political policies. Three other countries (Iceland, Liechtenstein, and Norway) are part of the European Economic Area, which allows these countries to be part of the single EU market.

The GDPR also regulates the release of personal information outside the EU and European Economic Area. The GDPR simplifies regulations that give individuals control over their personal information regardless of where in the world that information is used.

How does the GDPR apply to registries?
If your registry includes participants from the EU or European Economic Area, it must comply with the GDPR. These regulations apply to the personally identifiable information of people in the registry, regardless of the location of the registry.

Resources

Protect Human Research Participants
Chapter 8: Informed Consent for Registries in Registries for Evaluating Patient Outcomes: A User’s Guide, [internet]. 4th Edition Agency for Healthcare Research Quality (AHRQ) (link)
Data DIY Workbook #2: Data Trusts, Governance, and Collection Platforms Global Genes (link)
Know U.S. Laws & Regulations
HIPAA Basics – Privacy and Security U.S. Department of Health and Human Services (HHS) (link)
Be Informed of International Laws
GDPR.eu: Complete guide to GDPR compliance