GDPR as barrier | |
---|---|
Data sharing | There are much more concerns about data protection which makes it more difficult to share data for scientific purposes GDPR limits some projects to only share the aggregated data as a way to avoid sharing individual-level data and the GDPR challenges that come with that |
GDPR implementation | GDPR is a unique and interesting regulation but the interpretation and implementation of the GDPR has caused problems and represents a challenge in Europe, which needs to be addressed |
Time | GDPR slows down the process. The idea behind GDPR is not to make research more difficult, the same research can still be conducted but the process is just slower and more complicated |
Workload (and resources) involved in GDPR compliance | Implementing GDPR is a major work burden and represents a problem in projects, which work with limited budgets from research funding and limited personnel, as the legal issues take much more time and work than it is available which restricts carrying out the project simultaneously The workload to be GDPR compliant is a barrier for projects There is a lack of funding to set up data and information exchange systems, which would be compliant with the GDPR |
Local legislation | There are differences in national interpretation and implementation between countries; and sometimes national regulations are contradictory to the GDPR |
Different (and stricter) interpretations | Locally there are differences between countries as to how strict they are about the interpretation of the GDPR and specific laws, which represent a barrier There are interpretations of the GDPR, which are stricter than it was intended with the GDPR A lot of people over interpret the GDPR and make it stricter than it was intended |
GDPR implementation in countries without pre-existing laws concerning data privacy | GDPR did not make a big difference in countries with an already strict legislation, while it did have an impact on countries where a strict legislation did not exist prior to the implementation of the GDPR |
Access to data | Access to individual data is restricted to 3rd parties, only aggregated results are shared GDPR and privacy concerns are sometimes used as an excuse to stop sharing the data Data providers are concerned about eventual violation of the data protection laws, which leads some countries to stop sharing their data |
GDPR interpretation | There is a contradiction in the interpretation of the GDPR between reading it word by word and the spirit and the purpose of the GDPR Lawyers are not sure how to interpret GDPR, which, in the end, makes the interpretation of the GDPR stricter to ensure compliance with it. There are different interpretations of the GDPR, which represents a barrier |
Novel approaches towards health data | When developing novel approaches to dealing with health data, solutions tend to be restrictive to ensure compliance in all the countries |
Identifiable and individual-level data | GDPR is an issue with health data narrowly defined by region, sex, age group and International Classification of Disease (ICD) code where the size of the sample is very small (1, 2 or 3 persons) as it could be a way of identifying individuals When it comes to rare diseases, data is potentially identifiable. There is a great concern when dealing with individual level data as everything is potentially confidential and re-identifiable GDPR makes it complicated to work with anything resembling individual-level data as everything is potentially confidential and identifiable |