SPAIN Law and Practice Contributed by: Lluís Alcover, Eduard Rodellar, Laia Rull and Pablo Mansilla, Faus Moliner
for the implementation of decentralised elements in clinical trials, providing a series of recommen- dations on procedures performed with online tools to support clinical trials, such as online recruitment, electronic informed consent and telemedicine for remote monitoring. The use of these online tools is subject to appropriate safe- guards to ensure participant safety and protect their rights. For example, the patient informa- tion sheet must clearly detail any decentralised elements, identify potential additional risks, and specify the measures in place to protect patient privacy. 2.5 Use of Data Resulting From Clinical Trials Provided that it is not aggregated or anonymised, the data resulting from clinical trials is recog- nised as a special category of personal data and is therefore subject to restrictive guarantees by the personal data protection regulations appli- cable in the EU (ie, the General Data Protection Regulation; GDPR) and Spain (ie, Law 3/2018 on the Protection of Personal Data). Generally, personal data resulting from clinical trials may not be transferred to a third party, or an affiliate, in a country that does not provide an adequate level of protection without complying with the provisions of Chapter V of the GDPR. In such cases, the sponsor must adopt one of the safeguards set out in Article 46 of the GDPR. In those cases where there is an intention to use participants’ data for future research or outside the protocol of the clinical trial (secondary use), data processing must be grounded in one of the lawful bases set forth in the GDPR. Additional Disposition 17 of Law 3/2018 has established specific provisions for secondary use of health data. In this regard, the re-use of data from previ- ous studies is considered lawful and compatible
with clinical investigation purposes, provided that the new research is related to the scientific area of the original study for which consent was obtained. In such cases, the site or the sponsor must publish the information established by Arti- cle 13 of the GDPR in an easily accessible place on its website and notify the data subjects. In addition, a prior favourable report from a CEIm is required. 2.6 Databases Containing Personal or Sensitive Data Databases containing personal data (eg, health data) are subject to the GDPR and Law 3/2018. In this regard, it is necessary to obtain the patient’s informed consent prior to entering their data in the database, or to rely on another lawful basis for the processing of the data (Article 6.1 of the GDPR), as well as a valid exception to the prohibition of processing health data (Article 9.2 of the GDPR). It is important to note that if a database involves the collection of information on medicinal prod- ucts prescribed to patients, it may fall under the scope of observational studies involving medic- inal products, as regulated by Royal Decree 967/2020, and thus be subject to the require- ments established therein. 3. Marketing Authorisations for Pharmaceuticals or Medical Devices 3.1 Product Classification: Pharmaceuticals or Medical Devices Products are classified as medicinal products or medical devices on a case-by-case basis. According to Directive 2001/83/EC and Royal Legislative Decree 1/2015, a product shall be
309 CHAMBERS.COM
Powered by FlippingBook