Data Protection Regulation
The UK implemented a new Data Protection Act at the same time that complemented the regulation.
Personal data – such as information collected by a doctor or hospital, or as part of a research study – is a vital resource for research that has the potential to improve and save lives.
The regulation creates a supportive framework for scientific research, including safeguards to ensure personal information is used appropriately and remains secure.
During negotiations, the European Parliament proposed amendments to the regulation that would have imposed disproportionate limits on the use of health data. These would have had a devastating impact on research. We’re delighted that the regulation rejected these amendments.
The regulation leaves it up to European Union member states to put detailed rules in place to govern the use of personal data in research.
The Data Protection Act went through UK Parliament to set out these rules for the UK. We worked with the research community and policy makers to ensure a strong outcome for research.
The Act creates a complete legal framework for data protection after the UK has left the EU. It is important for data to continue to flow across borders for research purposes and we support close alignment between the regulation and UK law following Brexit.
We also worked with the Health Research Authority and other key organisations to develop guidance on the General Data Protection Regulation for health researchers.
Our timeline sets out the key dates for the agreement and implementation of the new regulation.
- The regulation takes effect in all European Union member states on 25 May 2018.
- The UK implements the Data Protection Act 2018 at the same time.
- Working closely with peers and the Department for Culture, Media and Sport, we successfully advocate for the government to introduce amendments to the Bill to ensure there is a clear legal basis for clinical trials to process data.
- The Health Research Authority produces guidance for researchers on how to ensure they are complying with the regulation.
- The UK government publishes a Data Protection Bill, which sets out how the exemptions permitted by the regulation will be implemented in the UK.
- Beth Thompson, Wellcome's Head of Policy – UK and EU, is awarded an MBE for her work on the regulation.
- The European Parliament and Council of Ministers formally agree the final text of the regulation.
- A compromise text is finalised and receives the support of the European Parliament and member states in informal votes. The regulation rejects damaging amendments proposed by the European Parliament.
- The Council of Ministers agrees its general approach on the regulation. The Council’s position on research is broadly positive.
- The European Parliament adopts amendments to Articles 81 and 83 that would severely restrict the use of personal data for scientific research purposes without specific consent. It is vital that amendments to Articles 81 and 83 are opposed in negotiations on the regulation.
- The European Parliament rapporteur publishes a draft report on the regulation. The draft report includes amendments that, if implemented, would have a devastating impact by imposing disproportionate limits on the use of health data in research.
- The European Commission publishes a draft Data Protection Regulation with a view to replacing the existing Data Protection Directive and associated Member State legislation.