Back to All Events

GDPR and Health Research

  • 5 CPD Hours Apex Building, Blackthorn Road Sandyford Business District D18 (map)

As of May 25th 2018, GDPR came into force and will have a significant impact on how healthcare research is conducted. 

In addition to the legal requirements of GDPR the Health Research Regulations were signed in to law by ministerial order in August 2018. These Regulations enforce certain governance and procedural requirements on researchers and the organisations they work for.

Data Protection Impact Assessments will become an important part of conducting research. Data Protection Impact Assessments, which are to be carried out by the Data Controller with the assistance of the Data Protection Officer if necessary, are mandatory in almost all cases under the new EU General Data Protection Regulation (GDPR). These assessments are essentially a risk assessment of proposed processing of personal data and also displays compliance with the privacy by design requirement of GDPR. 

Healthcare Research is an area that has to consider many factors when processing personal information, the issue of consent is an obstacle that many researchers are faced with and it can be confusing to navigate. 

This course will provide delegates with clear processes to follow when conducting health research to ensure compliance with the relevant law and guidelines. It will also provide guidance on constructing a DPIA for research purposes. It will clarify the roles of the processor and controller, how to classify which is covered under identifiable, pseudonymised or anonymous data. Delegates will also leave with an informative and invaluable course pack to refer back to. 

Course Content

  • Health Research Regulation, Data Protection Act 2018, GDPR and their impact on Health Research

  • The roles of the data processor and data controller 

  • The 7 principles of GDPR 

  • Knowing the difference between identifiable, pseudonymised or anonymous data

  • The lawful basis for processing data 

  • Conducting a research data risk assessment

  • The methodologies of DPIA 

  • The rights of the subject and how to inform them 

  • Consent 

  • What constitutes a GDPR compliant consent

  • Dealing with capacity issues and consent

  • Consent Declaration Committee

  • Transferring research data outside of the EU 

  • Ongoing Research and their obligations

  • Key risks and risk management 

  • Producing the DPIA report

Who Should Attend?

This course would be relevant to Data Protection Officers, researchers, data processors data controllers or responsible for the implementation and follow-through of your organisation’s Data Protection. 


On completion you will receive your CMG MasterClass Certificate of Attendance as well as your CPD Certificate containing 5 Structured CPD Points. Please note certificates are issued only at the close of the training course to participants who complete the full 5 hours.


This course costs €375 (Early-bird) normal rate is €425. Includes course documentation and light refreshments. While the course fee does not include lunch, we do provide freshly made sandwiches, coffee and a range of teas and fresh juice for those who require a light lunch. Alternatively you can avail of the local food stores and coffee shops opposite the training centre for hot food or alternative lunch options.