IAPP article: How does GDPR apply to clinical trial sponsors outside EEA? Views of EEA DPAs

The authors actually reached out to the DPAs and polled them for the following questions. (written below as they were sent to the DPAs):

  • Does the GDPR apply to a clinical trial sponsor based outside of the EEA if it is conducting clinical studies in the EEA?
    • Answers were mostly YES or “Factual Analysis”
  • Is patient data processed under a clinical trial considered “personal data” even if it is pseudonymized?
    • Received Answers were YES
  • If a clinical trial is being conducted in your jurisdiction, would the sponsor and the principal investigator be considered joint controllers of the personal data of the trial participants (data subjects)?
    • Various views

    Alternatively:

  • Is the sponsor the data controller while the principal investigator acts as a processor on behalf of the sponsor?
  • Is the principal investigator an independent data controller together with the sponsor?

https://iapp.org/news/a/how-does-the-gdpr-apply-to-clinical-trial-sponsors-outside-the-eea-views-of-eea-dpas/

NIST Releases Supplemental Materials for SP 800-53 and SP 800-53B: Control Catalog and Control Baselines in Spreadsheet Format

https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

Switzerland – revised FADP/DSG .. links (Rosenthal/Vasella)

David Rosenthal in Jusletter: “Das neue Datenschutzgesetz”
https://www.rosenthal.ch/downloads/Rosenthal-revidiertesDSG.pdf

Webinars with David Rosenthal: Revision Datenschutzgesetz: Zehn Schritte zur Umsetzung der neuen gesetzlichen Anforderungen für Unternehmen
https://www.vischer.com/know-how/webinare/article/revision-datenschutzgesetz-zehn-schritte-zur-umsetzung-der-neuen-gesetzlichen-anforderungen-fuer-unternehmen-38771/

Das revidierte Datenschutzgesetz – Empfehlungen zur Umsetzung
Deutsch – https://www.walderwyss.com/user_assets/publications/201118_Newsletter-146_D.pdf
English – https://www.walderwyss.com/user_assets/publications/201118_Newsletter-146_E.pdf

ENISA: “Cloud Security for Healthcare Services” and “Procurement Guidelines for Cybersecurity in Hospitals”

Brand-new ENISA Report on Cloud Security for Healthcare Services

incl. threat catalog, security measures, names good practices
– “Medical Devices” as one of three examples.

Incl. GDPR requirements etc – nicely embedded in the discussion.

Also links to the ENISA “Procurement Guidelines for Cybersecurity in Hospitals” from last year

Procurement Guidelines for Cybersecurity in Hospitals
https://www.enisa.europa.eu/publications/good-practices-for-the-security-of-healthcare-services

Cloud Security for Healthcare Services
https://www.enisa.europa.eu/publications/cloud-security-for-healthcare-services