GREECE Law and Practice Contributed by: Angela Livgieri, Danai Panopoulou and Iliana Andronou, ALG Manousakis Law Firm
2.4 Restriction on Using Online Tools to Support Clinical Trials In Greece, there are no explicit restrictions on the use of online tools in clinical trials. However, the use of these tools must comply with both nation- al and European legislation. This includes the CTR, Ministerial Decision No G5α/59676/2016 on Clinical Trials, and EU Regulation 2016/679 (General Data Protection Regulation – GDPR), along with its implementation of Greek Law 4624/2019. Additionally, guidance from EOF must be followed to ensure the protection of clinical trial participants’ data privacy rights. More specifically, Ministerial Decision No. G5α/59676/2016 (Articles 8, 13 and 24) describes the processes throughout the clinical trial course in Greece and the obligations assigned to spon- sors and clinical research organisations (CROs) regarding protecting the participant’s data, including using appropriate security measures. In addition, a Data Protection Impact Assess- ment has to be conducted; appropriate pri- vacy-related information must be provided to individuals concerned, and data processing agreements (DPAs) are required between spon- sors, investigators, and tool providers. The Hel- lenic Data Protection Authority (HDPA) oversees the enforcement of data protection regulations in Greece. While the HDPA has not issued specific guidance on the use of online tools in clinical trials, sponsors and investigators must ensure that any digital platforms used for recruitment or monitoring purposes implement appropriate technical and organisational measures. 2.5 Use of Data Resulting From Clinical Trials Data from clinical trials is classified as sensitive health-related information regarding an individu-
al’s past, present, or future physical and mental health (Article 4(15) GDPR). Transferring clinical trial data to third parties or affiliates is allowed under specific conditions: • Within the EU/EEA – It is allowed, provided that clinical trial participants have been duly informed through the informed consent form and processing is in accordance with the trial’s approved protocol. • Outside the EU/EEA (International Transfers) – If data is transferred to a third country (eg, the US), additional safeguards are required: (a) the recipient country must have an adequacy decision from the European Commission (eg, under the EU-US Data Privacy Framework); (b) if no adequacy decision exists, Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) must be used; and (c) additional security measures (eg, encryp- tion, pseudonymisation) may be required. To ensure compliance, before transferring clinical trial data to third parties or affiliates, the spon- sor must execute a Data Processing Agreement (DPA) (along with the execution of the appropri- ate Standard Contractual Clauses if applicable for international transfer) with third-party ven- dors or enter into an intragroup data transfer agreement with its affiliates. 2.6 Databases Containing Personal or Sensitive Data Below, you will find requirements applying to the creation of database containing personal or sen- sitive data (in accordance with GDPR and Law 4624/2019).
125 CHAMBERS.COM
Powered by FlippingBook