Guidance on data protection and health information

The European General Data Protection Regulation (GDPR) was agreed in April 2016 and took effect across all of Europe on 25 May 2018. The Regulation leaves it up to European Union member states to put detailed rules in place to govern the use of personal data in research.  A Data Protection Bill 2018 sets out these rules for Ireland.

The Health Research Regulations 2018 govern the use of personal data for health research purposes. These important new regulations outline mandatory suitable and specific measures that ensure that health research in Ireland is conducted using best practice principles of information governance in line with new GDPR requirements.

The Regulations also introduce a lawful mechanism that allows the processing of personal data for health research purposes in exceptional circumstances without the explicit consent of the individual concerned - known as a Consent Declaration.

For more information on consent declarations in health research, visit the Health Research Consent Declaration Committee.

Further guidance on consent is available in the HSE National Policy for Consent in Health and Social Care Research.

For the protection of both researchers and research participants, it is important to ensure the principles embedded in these legislations are implemented in research practice.

Applicants are encouraged to review the Health Research Data Protection Network (HRDPN) Practical Guide on Data Protection for Health Researchers.