Genomic medicine and research: how does the GDPR apply?

This discussion paper was published as part of the project: Data protection and genomic data. The Information Commissioner’s Office awarded the PHG Foundation a research grant to investigate how the GDPR impacts upon the field of genomics. The subsequent report: The GDPR and genomic data, is available to download.

This discussion paper addresses how the GDPR applies to personal data in genomic medicine and research. It outlines some challenges in meeting the requirements of the GDPR including: establishing a legal basis for processing, fulfilling conditions for processing of genetic or health data, complying with rights and obligations while data are being processed, and meeting requirements for international data transfers outside the EU/EEA.

Key points 

• Processing genetic or health data is not automatically high risk but it requires a high level of protection and safeguards
• Uncertainty and differences in opinion about the requirements of the GDPR could impact data sharing for genomic medicine and research
• Reaching consensus about how the GDPR applies in specific situations will not be easy but a sector-specific code of conduct could help streamline compliance and improve confidence.

Another discussion paper, Genomic medicine and research: when does the GDPR apply? is available.

By Colin Mitchell, Johan Ordish