European Union Regulation on Personal Data Protection in Medical Writing

Abstract

The European General Data Protection Regulation 2016/679 (GDPR) aims to harmonize data protection laws across European Union (EU) Member States. The goal of GDPR is to ensure respect of the fundamental right to protection of the personal data and privacy, to enhance security measures, including information technology (IT) for data protection, and to render natural persons control over their personal data. Importantly, companies, institutions, freelancers (including medical writers) located outside the EU and handling personal data of natural persons living on the territory of the EU must comply with GDPR.

Medical writers edit documents related to the activities in health sector that comprise personal data, specifically health data considered as sensitive data. Therefore, medical writing should put in place robust security measures and comply with the GDPR. This article is a clarification of the GDPR notions, principles, technical and organizational measures applied to the medical writing to guarantee protection of the personal data and respect of individual’s rights and freedoms.