K8. Description of the processing of personal data

The description of the procedures in the research protocol or in an annex must demonstrate compliance with the General Data Protection Regulation (EU no 2016/679, GDPR), in particular (see MDR, Chapter II, Section 4.5 of Annex XV):

  • organisational and technical arrangements that will be implemented to avoid unauthorised access, disclosure, dissemination, alteration or loss of information and personal data processed;
  • a description of the measures that will be implemented to ensure confidentiality of the records and personal data of subjects;
  • a description of the measures that will be implemented in case of a data security breach in order to mitigate the potentially adverse effects.