The Impact of the GDPR on the Governance of Biobank Research

Governance of health and genomic data access in the context of biobanking is of salient importance in implementing the EU General Data Protection Regulation (GDPR). Various components of data access governance could be considered as ‘organizational measures’ which are stressed in the Article 89(1) GDPR together with technical measures that should be used in order to safeguard rights of the data subjects when processing data under research exemption rules. In this chapter, we address the core elements regarding governance of biobanks in the view of GDPR, including conditions for processing personal data, data access models, oversight bodies and data access agreements. We conclude by highlighting the importance of guidelines and policy documents in helping the biobanks in improving the data access governance. In addition, we stress that it is important to ensure the existing and emerging oversight bodies are equipped with adequate expertise regarding using and sharing health and genomic data and are aware of the associated informational risks.