The European Data Protection Regulation applies since May 25th 2018. It creates a uniform data
protection legal framework within the EU. National and international medical research projects
regardless of whether they were started before or after the introduction of the GDPR are
obliged to follow this new regulation and implement it promptly. This raises various challenges
for a large number of medical research projects. The University Medicine Greifswald
commissioned this legal report that was prepared by DIERKS+COMPANY. Two real-world research
projects the Baltic Fracture Competence Centre (BFCC) as well as the German Centre for
Cardiovascular Research (DZHK) provide use cases questions and context for this legal report.
It addresses questions regarding all steps of data processing. The report provides practical
answers to a wide array of technical and organisational questions in the area of data
protection-compliant processing of research data. A comprehensive guide to GDPR-compliant data
processing has been developed which both summarises the broad legal environment and provides
specific assistance in the design and implementation of GDPR-compliant data management
processes including Informed Consent Legal Consequences of Withdrawal and Privacy by Design.
