The description of the procedures in the research protocol or in an annex must demonstrate compliance with the General Data Protection Regulation (EU no 2016/679, GDPR), in particular (see MDR, Chapter II, Section 4.5 of Annex XV):
- organisational and technical arrangements that will be implemented to avoid unauthorised access, disclosure, dissemination, alteration or loss of information and personal data processed;
- a description of the measures that will be implemented to ensure confidentiality of the records and personal data of subjects;
- a description of the measures that will be implemented in case of a data security breach in order to mitigate the potentially adverse effects.