The GDPR and genomic data

 

The European Union introduced the General Data Protection Regulation (GDPR) in 2018 and it forms part of current UK law. A long and complex piece of legislation, the GDPR governs the processing of personal data of all EU citizens, and has significant global impact. Ever since its introduction, the genomics community have raised concerns: how exactly does the concept of ‘personal data’ apply to genomics, and what does the regulation mean for research and healthcare?

The Information Commissioner’s Office awarded the PHG Foundation a research grant to investigate how the GDPR impacts upon the field of genomics. The GDPR and genomic data report provides a detailed legal analysis of the many ways in which the GDPR impacts genomic healthcare and research, highlights areas for urgent attention, and makes recommendations for the genomics community, regulators and policy makers to maintain the flow of genomic data for healthcare and scientific research.

This research assesses the current and likely near future impact of the GDPR and UK Data Protection Act 2018 on uses of genetic/genomic data in healthcare and health research. In particular, it addresses three linked research questions with significant practical importance for regulators, health services, clinical professionals, scientists, patients and publics:

  • To what extent do genetic/genomic data used for healthcare and medical research in England and Wales count as ‘personal data’ under the GDPR?
  • To the extent that they are ‘personal data’, what is the impact likely to be on the delivery of health and social care in the short-to-medium term (up to five years)?
  • What can be done to mitigate or reduce any negative impacts?

To address these questions we conducted legal research, semi-structured interviews with key stakeholders and convened a multidisciplinary workshop with over thirty clinical/scientific professionals, policy makers, regulators and academic experts.

By Colin Mitchell, Johan Ordish, Emma Johnson, Tanya Brigden and Alison Hall

 

Discussion papers and policy briefings

For users and sharers of data we explain when and how to apply  the GDPR to in genomic medicine and research