Re-using health data is crucial for advancing research and health care. But health data is highly personal and sensitive information, and its protection is strongly regulated. All stakeholders need to trust the ways in which health data is used and reused. How can you ensure data protection whilst re-using health data?


I. How does the GDPR apply to health data?

This topic focuses on the broad impacts of GDPR and how it applies to health data-driven research. We will consider the implications for innovation from a legal professional, health sector and health industrial perspective.

II. Setting up a GDPR-compliant data collection and processing pipeline

What are the GDPR compliance steps and specifications that should be adopted when developing an innovation or a research study that collects, processes, retains, analyses and possibly shares health data from patients, citizens, or research data subjects?

III. Patient and participant consent, transparency notices and data subject rights

This topic explores which data processing activities need formal permission from patients and research data subjects, how consent forms and transparency notices should be worded and how to meet the obligations of data subject rights such as withdrawal.

IV. Data protection safeguards, threats and breaches

This topic explores the implications of the Security Principle in GDPR and the prosecutions that have resulted. We explore the practical implications of how to manage security and determine what information security safeguards are appropriate for the intended data, data flows, processing and risks within the data pipeline, how best to apply and combine them to assure appropriate levels of protection and what to do if there is a data breach.

V. Anonymisation and pseudonymisation

“How can we balance privacy protection using anonymisation and pseudonymisation with the need to ensure we can ask pertinent research questions?” The focus of this topic is the aforementioned forms of data minimisation, the practical implementations and the implications for conducting research. Quantifying privacy risk and how to mitigate against it without rendering datasets useless for research is a consideration discussed here. 

VI. Regulatory compliance for AI development

At this point, the spotlight is put on the combined implications for artificial intelligence development within the GDPR, the Medical Device Regulation and the forthcoming EU Regulation on AI.

Ensure adequate GDPR compliance at all levels of your organisation

We have bundled good practices into a state-of-the-art health-data-focused GDPR tutorial

Health-data-focused GDPR tutorial

The very sensitive nature of personal health data makes GDPR compliant health data handling a critical requirement. 

Our team of GDPR experts, in collaboration with key decision makers, influencers and industry experts, can help develop the necessary skills:

  • From understanding the legal requirements to acquiring the skills to develop Patient Information Leaflets and Data Protection Impact Assessments
  • From legal basis to best practices
  • For all sectors operating in the health data ecosystem

Tailor-made in-company GDPR tutorial

We customise our tutorial to your needs on the basis of an intake meeting so as to focus on the key topics that are most relevant for your organisation.

some possible topics

real-world evidence

regulatory framework

management of biobank data

extra-EU transfers and operations

data protection impact assessments

processing of genetic data

accountability, security and breach management

relationship between ethics and data protection

Your learning objectives may include

harmonisING your staff members’ understanding OF GDPR

As most of your staff members have diverse knowledge of GDPR, there is a need to streamline their understanding, remove misconceptions and help them achieve a consistent level of knowledge across their different functions.

clarifyING clear, aligned tailored guidelines

Given the complexity of the health data environment you are operating in, your guidelines will need to be customised to your specific organisation and your staff members empowered to ensure unequivocal understanding.

instant applicability in daily working practice

We explore the GDRP core concepts in a guided fashion with reference to client case studies, to illuminate the potential impacts of the GDPR on people’s daily operations so that they acquire the skills to integrate data protection by design and default in their daily working practice. 


We prefer interweaving presentations with hands-on and practical examples to illuminate the potential impacts of the GDPR on your staff’s daily operations and refer to relevant client case studies. We can give the tutorial onsite (if allowed) or via online training. Dates and pace at your convenience.

Interested? Get in touch!

Would you like more information on how we can help you align your staff members on the best GDPR practices ?

Contact our DPO and Information Governance Lead Nathan Lea for a free intake meeting.