Personal Data Protection

Note: the following text includes concise information for the general public, and it does not replace in any way the detailed, personal information which is provided to each potential participant before making the decision to participate in the Research and before the provision of the relevant written consent. It does, however, effect the purpose of public information that is required according to par. 5(b) of article 14 GDPR regarding the present use of personal data contained in medical records that have been compiled before the commencement of the present Research, for its scientific purpose. 

PERSONAL DATA & THE SPECIAL CATEGORY OF HEALTH DATA

‘Personal data’ means any information relating to a living person (‘data subject’) by which the person’s identity can be verified, directly or indirectly. Such information is: name, identity number, social security number, vat number, mobile phone location data, online identity identifier, as well as factors specific to physical, physiological, genetic, psychological, economic; cultural or social identity of the person.

Personal data concerning health are a special category of personal data as they relate to the physical or mental health of a natural person, including the provision of health care services.

The Greek legal framework governing the protection of the special category of health data is the Code of Medical Ethics (Law 3418/2005, article 14: Maintenance of a Medical Record), as well as Law 4624/2019, (Government Gazette Α137/ 29.08.2019) entitled “Hellenic Data Protection Authority, implementing measures of Regulation (EU) 2016/679″ which implements the General Data Protection Regulation / General Data Protection Regulation” for the protection of natural persons with regard to the processing of personal data and for the free movement of such data” [Regulation (EU) 2016/679].

Any collection and processing of personal data concerning a person’s health must be lawful, i.e. it must be carried out in compliance with the above legal framework, it must be carried out with the consent of the data subject, it must be carried out for a specific purpose, it must be the minimum possible (i.e. only as much as is required for the fulfilment of the purpose for which the data are collected), it must be accurate, it must enable the data subject to correct it, it must be done confidentially (i.e. ensure its confidentiality) and it must be carried out while guaranteeing the accountability of the person collecting and processing the data.

 

HEALTH PERSONAL DATA & MEDICAL RESEARCH – PARTICIPATION IN THIS RESEARCH

 The lawful use of health-related data for the purpose of medical research is the subject of more specific regulations. With these, the supranational and the national legislators weigh the benefit expected from the results of medical research for society as a whole and for public health, against the -always due- protection of the rights of the persons who contribute the data.

This Research has been designed and is being implemented in compliance with applicable legislation on the protection of personal health data as well rules that ensure medical confidentiality. In principle, participation in the Research is granted after each participant has been personally informed and has provided a written consent. This Research will also include data which derive from patients’ medical records which have already been compiled before its commencement. The exception described in par. 5(b) of article 14 of the GDPR shall apply as far as this category of data is concerned. According to this exception, the use of data that have not been obtained by their subject is allowed when their processing is to be made in the public interest and for scientific research purposes, even without prior personal notification and explicit consent of the data subject, provided that the data controller takes appropriate measures to protect the data subject’s rights and freedoms and legitimate interests, including making the information publicly available.

The participation -itself- in the Research as well as the results that will be obtained are strictly confidential for the participants.

Biological samples and clinical data taken from the persons participating in the Research shall be codified and anonymized. Each person participating in the Research receives a unique code that is used in each report referring to their data. All data (e.g. age, gender, etc.) are related to the code of each participant in the Survey, without mentioning the participant’s name or making it able for the participant’s name to be derived. The information concerning the results of the examinations of the biological samples as well as the clinical data of each person participating in the Research are stored electronically in a secure database and are being evaluated statistically. After the completion of the Research, all data are stored and archived according to specific and traceable procedures that safeguard their security. Every publication of the results of the Research is made with respect to the protection of the personal data of the persons participating in it.

 

DATA RETENTION TIME – RESTRICTION OF RIGHT OF ACCESS & OBJECTION

Both the biological samples and the data records of the persons participating in the Research will be kept for a period of twenty (20) years, so that -if necessary- they can be used in future studies in the same scientific field of neurodegenerative diseases. The consent provided by the persons participating in the Research covers both this Research and any future studies in the specific field. According to the law, only if the purpose of the Research is seriously impeded shall any participant not be able to exercise the rights of access, rectification, restriction of processing and opposition to the processing of his/her data. The same applies to any future use of the data in other studies, during the period that they will be maintained.