Controller’ and Processor’s Responsibilities in Biobank Research Under the GDPR
In Santa Slokenberga, Olga Tzartzatou and Jane Reichel (eds) Individual Rights, the Public Interest and Biobanks Research (Springer, Forthcoming)
Posted: 27 Apr 2020
Date Written: June 19, 2019
Abstract
Biobanks are essential infrastructures in current health and biomedical research. Advanced scientific research increasingly relies on processing and correlating large amounts of genetic, clinical and behavioural data. These data are particularly sensitive in nature and the risk of privacy invasion and misuse is high. The EU General Data Protection Regulation (GDPR) developed and increased harmonisation, resulting in a framework in which the specific duties and obligations of entities processing personal data – controllers and processors – were defined. Biobanks, in the exercise of their functions, assume the role of controllers and/or processors and as such need to comply with a number of complex rules. This chapter analyses these rules in the light of Article 89 GDPR, which creates safeguards and derogations relating to ‘processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes’. It identifies key compliance challenges faced by biobanks as data controllers and processors, such as determining whether the GDPR is applicable and its intersection with other regulations; when a biobank should be considered controller and processor; and what are the main duties of biobanks as data controllers and processors and options for compliance.
Keywords: Biobanks, GDPR, General Data Protection Regulation, EU Data protection, Biomedical research data, Data controller, Data processor
Suggested Citation: Suggested Citation