Data Security – GDPR

Chair: Enrico Serafini

Co-Chair: Lucia Guido

The recent introduction of European Regulation no. 679/2016 (Privacy and Information Security) has led to the revision of the previous legislation, Legislative Decree no. 196/2003, through the introduction of Legislative Decree no. 101 of 10/8/2018.

The result is an overlapping set of rules that is not easy to read, compounded by the circulars of the Privacy Guarantor, who intervenes with clarifications and specific provisions.

Given this landscape, it would be appropriate to review the current legislation as it applies to our sector, arriving at a clear, complete and organic map of the provisions to follow.

In addition, it is appropriate to begin coordinating with the European working group, in close collaboration with EUCROF, on the drafting of the Code of Ethics, an invitation set out in the European Regulation and implemented by Italian law (Articles 40 to 43 of GDPR 679/2016 and nos. 77, 81 and 100 of the “Recitals”; Legislative Decree no. 196/2003 as amended by Legislative Decree no. 101 of 11/8/2018).

In the course of the study work it will be useful to address issues of particular interest as they emerge, for example:

– defining the role of the Data Processors and the Persons in Charge, producing a standardised text for the formulation of the assignment;

– how to keep the Register of Treatment;

– analysis of cases, and of the conduct to adopt, when the Information Sheet and Consent are administered where minors are involved;

– management systems for pseudonymisation processes and the formulation of appointments as Data Processor for outsourced IT services;

– certification of procedures for the return to the sponsor and deletion of files relating to clinical trial documents;

– IT systems useful for an effective Impact Assessment and methods of representing the Data Protection Impact Assessment.

This is only an initial list, to be supplemented on the basis of the specific needs that emerge.

The committee's work will, in a timely manner, have the following specific objectives:

– produce an updated text of the regulations of reference for our sector;

– provide a sustainable interpretation of individual cases;

– build a system of regulatory updating to be maintained over time;

– produce shared forms;

– evaluate the opportunity to launch continuous training courses.