GDPR: Implementing additional data protection rules in Health Research 
                     
GDPR: Implementing additional data protection rules in Health Research



GDPRCourse 
             

GDPR: Implementing 
additional data protection 
rules in Health Research 

 

  


The Health Research Regulations 2018 got the more specific effect by 

introducing data processing provided for in Section 36 of the draft Data 

Protection Act 2018. 

 

Regulations on data processing occupy a privileged position for researches. By 

(Article 6(4); Recital 50) Organizations that process personal data for the 

purpose of research may avoid restrictions on personal data processing and 

on processing categories of sensitive data.  

 

In addition to that, the GDPR may permit organizations to process personal 

data for research purposes without the data subject’s consent. In separate 

cases, these organizations can transfer personal data to third countries for 

research purposes, there is no need for other transfer mechanisms in place. 

 

The key changes for the Regulations are: 

  

1. Defining "Health Research" 

2. Prescribing a list of "Suitable and Specific Measures" to be taken when 

processing personal data for Health Research purposes, including that 

"explicit consent" be obtained; and 

3. Identifying exceptional circumstances in which the explicit consent of a data 

subject to the processing of their personal data is not required and laying 

down a detailed process to be followed in these cases. 

 

 


 There are many conditions for providing exemptions for health researches.  

 

Conditions for Research Exemptions: 

 

• Controllers must implement appropriate safeguards  

• Technical and organizational measures 

• Every controller should act in keeping with recognized ethical 

standards for scientific research. 

 

A number of provisions are there in GDPR 

that apply to health research. One of them 

is the mandatory additional requirements 

for health research were brought about 

through a consultation process between 

the Minister for Health and the Data 

Protection Commission, and also GDPR 

provides that processing for scientific 

research purposes Regulation for GDPR compliance 

 

The Health Research Regulations 2018 

 

• Outline the mandatory suitable and specific measures for the processing 

of personal data for the purposes of health research (Regulation 3(1)) 

• provide a definition of health research for the purposes of the regulation 

(Regulation 3(2)) 


• provide for the possibility of applying for a consent declaration for new 

research (Regulation 5) 

• provide for transitional arrangements in respect of the granting of 

consent declarations for health research that is already underway 

(Regulation 6) 

• provide for the establishment and operation of a committee of persons 

to make decisions on applications for consent declarations, including an 

appeals process (Regulation 7-13 and Schedule) 

• include a number of miscellaneous provisions (Regulations 14-16) 

 

To the extent that the Regulations are silent on specific aspects of data 

processing, the GDPR and the Act continue to apply. 

 

One thing is clear that the main aim of GDPR is to encourage innovation, as 

long as organizations implement the appropriate safeguards.