The GDPR and the research exemption: considerations on the necessary safeguards for research biobanks

Staunton, Ciara ORCID logoORCID:, Slokenberga, Santa and Mascalzoni, Deborah (2019) The GDPR and the research exemption: considerations on the necessary safeguards for research biobanks. European Journal of Human Genetics, 27 (8) . pp. 1159-1167. ISSN 1018-4813 [Article] (Published online first) (doi:10.1038/s41431-019-0386-5)

PDF - Published version (with publisher's formatting)
Available under License Creative Commons Attribution 4.0.

Download (521kB) | Preview
[img] PDF - Final accepted version (with author's formatting)
Restricted to Repository staff and depositor only

Download (311kB)


The General Data Protection Regulation (GDPR) came into force in May 2018. The aspiration of providing for a high level of protection to individuals’ personal data risked placing considerable constraints on scientific research, that was contrary to various research traditions across the EU. Therefore, along with the set of carefully outlined data subjects’ rights, the GDPR provides for a two-level framework to enable derogations from these rights when scientific research is concerned. First, by directly invoking provisions of the GDPR on a condition that safeguards that must include ‘technical and organisational measures’ are in place and second, through the Member State law.

Although these derogations are allowed in the name of scientific research, they can simultaneously be challenging in light of the ethical requirements and well-established standards in biobanking that have been set forth in various research-related soft legal tools, international treaties and other legal instruments. In this paper we review such soft legal tools, international treaties and other legal instruments that regulate the use of health research data. We report on the results of this review, and analyse the rights contained within the GDPR and Article 89 of the GDPR vis-à-vis these instruments. These instruments were also reviewed to provide guidance on possible safeguards that should be followed when implementing any derogations. To conclude, we will offer some commentary on limits of the derogations under the GDPR and appropriate safeguards to ensure compliance with standard ethical requirements.

Item Type: Article
Research Areas: A. > School of Law
Item ID: 26800
Notes on copyright: This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this license, visit
Useful Links:
Depositing User: Ciara Staunton
Date Deposited: 14 Jun 2019 09:28
Last Modified: 29 Nov 2022 18:57

Actions (login required)

View Item View Item


Activity Overview
6 month trend
6 month trend

Additional statistics are available via IRStats2.