• Home
• Resources & Guidance
• Investigator Manual
• Appendix A-9 Additional Requirements for Research Subject to EU General Data Protection Regulations (GDPR)

Appendix A-9 Additional Requirements for Research Subject to EU General Data Protection Regulations (GDPR)

1. Human Research involving personal data about individuals located in (but not necessarily citizens of) European Union member states, Norway, Iceland, and Liechtenstein, are subject to EU General Data Protection Regulations.
2. For all prospective Human Research subject to EU GDPR, please see our policies and guidance to ensure that the following elements of the research are consistent with institutional policies and interpretations of EU GDPR:
   1. Any applicable study design elements related to data security measures.
   2. Any applicable procedures related to the rights to access, rectification, and erasure of data. 
   3. Procedures related to broad/unspecified future use consent for the storage, maintenance, and secondary research use of identifiable private information or identifiable biospecimens.
3. Where USFDA or DHHS regulations apply in addition to EU GDPR regulations, ensure that procedures related to withdrawal from the research, as well as procedures for managing data and biospecimens associated with the research remain consistent with Appendices A-1 and A-2 above.
4. “WORKSHEET: GDPR Data Protection (HRP-335)” and “TEMPLATE: GDPR Compliant Consent (HRP-590)” are tools available to provide guidance regarding the collection, management, protection and ongoing handling of personal and other research data when conducting research in one of the countries of the European Economic Area. Please refer to HRP-335 and HRP-590 when drafting the Letter of Information and Consent Document, and when completing the protocol template for submission in eIRB+.