Oops, you're using an old version of your browser so some of the features on this page may not be displaying properly.

MINIMAL Requirements: Google Chrome 24+Mozilla Firefox 20+Internet Explorer 11Opera 15–18Apple Safari 7SeaMonkey 2.15-2.23

EU General Data Protection Regulation (GDPR)


The European General Data Protection Regulation: ESMO reinforces harmonious uptake of health research provisions

ESMO welcomes the coming into effect of the EU General Data Protection Regulation in its final form which protects the privacy of patients without jeopardising clinical, translational and epidemiological research. However, for scientific research, including oncology research, to benefit from the Regulation, it needs to be interpreted and applied appropriately and in a harmonised manner across the EU.

ESMO's objective has been to achieve a balance between citizen data security and protecting the much-needed work of researchers by ensuring access to data, acknowledging the strict safeguards protecting medical data that are already in place.

In particular, ESMO has relentlessly supported and advocated for:

  • The inclusion of a withdrawable ‘one-time consent’ from patients allowing their data and tissues to be used, subject to strict ethical standards, for future retrospective clinical research, which will also ensure the viability of biobanking (recital 33)
  • The inclusion of a ‘no-consent’ principle to allow research based on data from population-based disease registries in line with strict ethical standards (recital 157)

ESMO continues to stress the need for a harmonised implementation of the EU Data Protection Regulation and is committed to helping EU institutions and individual Member States protect the future of health research by understanding the importance of these two crucial provisions and ensuring their uptake in practice.

ESMO’s key messages

ESMO urges the EU Member States to take the following into considerations which are a serious cause for concern for future research, when they implement the GDPR:

  • GDPR Recital 33 should be acknowledged as a means to guarantee, in all EU Member States, that patients have the right to provide, if willing, a withdrawable “one-time consent” to using their data and/or biological samples for future retrospective research, under the scrutiny of appropriate reviewing bodies (institutional review boards and/or ethics committees)
  • GDPR Recital 157 should be acknowledged as a means to guarantee that in all EU member states’ population-based disease registries, including cancer registries, are allowed to operate with a “no-consent” policy under the supervision of relevant public health bodies
  • Recital 29 and Article 28 (2) of the EU Clinical Trials Regulation should be implemented across the EU 27 to give patients enrolled in a clinical trial the right to consent that their data to be used retrospectively beyond the end and scope of the trial for future research.

This site uses cookies. Some of these cookies are essential, while others help us improve your experience by providing insights into how the site is being used.

For more detailed information on the cookies we use, please check our Privacy Policy.

Customise settings
  • Necessary cookies enable core functionality. The website cannot function properly without these cookies, and you can only disable them by changing your browser preferences.