Guidelines - Clinical Trials - 19 November 2007

[web doc. no. 1519230]
[web doc. no. 1468981 Guidelines for the processing of personal data in clinical drug trials - 29 November 2007]

IL GARANTE PER LA PROTEZIONE DEI DATI PERSONALI

Guidelines for Data Processing within the Framework of Clinical Drug Trials
As published in the Official Journal of the Italian Republic (no. 291 dated 15 December 2007)
(A public consultation was launched on these guidelines in order to receive suggestions and comments. The deadline for submissions was February 15, 2008.)


Table of Contents

1. Preliminary Remarks
2. Applicable Legislation
3. Processed Data
4. Controllership in Trial-Related Processing Operations
5. Other Entities Involved in Clinical Trials
6. Information Provided to Patients
7. Consent to the Processing of Personal Data
8. Cross-Border Data Flows
9. Retention Period and Processing of the Data for Further Research-Related Purposes
10. Safekeeping of the Data

1. Preliminary Remarks
Clinical trials on humans are aimed at detecting and/or verifying the effects of test drugs, including adverse reactions, in order to establish safety and effectiveness of such drugs. These studies are often sponsored by pharmaceutical companies (in their capacity as either promoters, customers, or sponsors) at both national and international level – in the latter case, it is often companies belonging to multinational groups that come into play.

After drafting a protocol to lay down the design, objectives and methodology of the trials, the companies in question submit the documents required for implementing such trials to the competent authorities and the relevant ethics committees.

Trial activities are carried out at one or more hospitals, universities and/or public or private authorised research centres (trial centres).

Various medical/clinical data, along with biological samples from the patients who agree to be enrolled, are collected in compliance with the protocol on several occasions in the course of the trial, via medical examinations and/or diagnostic tests performed by trial physicians / medical staff.

This information may be accessed not only by the medical staff working at the individual centres – indeed, the sponsor supervises the progress made by a trial to ensure that it is in line with the respective protocol. To that end, the sponsor may avail itself of own collaborators (clinical study monitors), who visit the trial centres to perform monitoring activities and – where necessary – inspect the patients´ original records as made available by the physicians (e.g. health records, clinical files, laboratory reports, investigational findings, etc.).

The information collected at each trial centre is forwarded to the sponsor company; this usually takes place on several occasions during the trial, or else upon conclusion of the trial in the given centre. Thereafter the information is usually entered by the sponsor companies – either directly or via external entities – in a single database that is used to check and validate the data and subsequently perform statistical analyses in order to obtain the results that will be documented in a report.

In the trials sponsored by pharmaceutical companies belonging to multinational groups, the recipients of the data related to enrolled patients are usually the holding/parent companies – who may happen to be based outside the national territory. Additionally, the sponsor companies often avail themselves of external entities (clinical study monitors, research organisations working on a contractual basis, analysis labs, etc.) that are established in some cases outside the EU; those entities may carry out any of the tasks related to the trial – e.g., monitoring of the trial; data entry, validation, and statistical analysis; pharmaceutical vigilance; performance of clinical and lab tests as envisaged in the protocol; and so on. Accordingly, many items of information and/or biological samples are shared by various entities that may happen to be established in third countries and are enabled to access and/or hold the information in question – namely, the sponsor company; clinical study monitors; external entities co-operating with the sponsor company in entering and analysing the data; clinical labs; etc.

The information gathered in the course of a trial is retained for a considerable amount of time after completing the trial, in order to prove that the trial was performed appropriately and the data were not tampered with – also in connection with inspections carried out by the competent authorities.

Based on the analysis performed so far, the collection, dissemination and massive retention (partly in third countries) of multifarious items of information related to the health of individuals enrolled in clinical trials are fraught with several criticalities with regard to the protection of personal data; accordingly, a high standard of protection is required in order to prevent specific risks from affecting data subjects.

Given certain circumstances arising out of the initial investigations performed in respect of some companies, this Authority considers it necessary to draw attention to the regulatory framework the companies in question should rely upon to ensure fair, lawful data processing. The Garante reserves the right to investigate, on a separate count, any violations committed by individual companies as well as to supplement these Guidelines by having regard to data processing mechanisms and the use of new technologies – also in the light of the experience gathered and the implementation of these Guidelines.

2. Applicable Legislation
Clinical trials should be managed in compliance with the ethics principles grounded in the Helsinki Declaration (dating back to June 1964 and subsequently amended), the requirements set out in international clinical good practice standards (GCP) as also adopted by the EU (and taken up in Italy´s legal system: see legislative decree no. 200 dated 6 November 2007; legislative decree no. 211 dated 24 June 2003; Ministerial decree dated 15 July 1997), and the standard operational procedures (SOP) applied by the sponsor companies. Trial centres should carry out their studies in compliance with the sponsor´s protocol and standard operational procedures and may not depart from and/or modify them without the sponsor´s prior agreement. This is without prejudice to exceptional situations as related to impending risks for patients and/or modifications that only impact on minor elements of the trial (section 10(1)a. of legislative decree no. 211/2003; see also Ministerial Decree dated 15 July 1997, passim).

Under the applicable legislation, there are several cases in which the medical/clinical data collected by the trial centre have to be disclosed to the sponsor. This applies, first and foremost, to the medical/clinical data related to each trial participant, which must be entered by physicians in case report forms (CRF) and forwarded to the trial sponsor (see Ministerial decree dated 15 July 1997). Trial centres are required additionally to notify the sponsor of adverse events and reactions (Ae and Adr) as possibly related to administration of the trial drug or else to trial performance – along with such other follow-up information as may be relevant (see sections 16 to 18 of legislative decree no. 211/2003).

With a view to protecting patients´ identity, the legislation at issue requires each trial centre to allocate an identification code to each patient and use this code instead of the patient´s name as regards any communications of trial-related data addressed to the sponsor (see Ministerial decree dated 15 July 1997, passim; see also section 16(5) of legislative decree no. 211/2003). A hard-copy list where the codes are matched with patients´ identification is only held by each trial centre as a confidential document that is essential for trial performance (see Ministerial decree of 1997, passim).

Case report forms, notifications and reports of adverse events and/or reactions – insofar as they are essential for trial performance – must be retained under the said legislation both by the sponsor and by the individual trial centres for at least seven years as from trial completion, or for any longer period as may be provided for in the applicable legislation and/or the agreements between the sponsor and the said centres (see section 18 of legislative decree no. 200/2007; legislative decree no. 219/2006, Annex 1, point 5.2 letter c.; Ministerial decree dated 15 July 1997, passim).

3. Processed Data
As a rule, pharmaceutical companies have developed specific internal procedures to encode patients´ medical/clinical data as used by trial centres. Digital codes are used to unambiguously identify the individual patients in a given trial without relying on their names, address information and/or personal identification numbers.

However, some pharmaceutical companies require trial centres to enter patients´ first and last names and the respective identification codes on case report forms as well as on adverse events/reactions reports – which have to be forwarded to the companies. Additionally, protocols require trial centres to collect, as a rule, additional information on top of the medical/clinical data related to patients – e.g. population data (birth date and/or age, sex, ethnic/racial origin, weight, height), medical history (depending on the purposes of the trial), and/or lifestyle information. This information is reported on documents that are essential for trial performance and is retained by both trial centres and the sponsor company for a period that – depending on the applicable legislation – may cover the whole term of the licence issued for the given drug in the individual countries.

Although it is envisaged that the list where patients´ names are matched with the corresponding identification codes should only be held by each trial centre, and that the sponsor should in no case become apprised with patients´ identities, it is a fact that the sponsor can access, via its own study monitors, the patients´ original medical records at the trial centre – under medical supervision – to check whether the data are accurate and complete; additionally, the sponsor can access, via the same mechanism, the list containing patients´ names in connection with the checks on the procedures aimed at obtaining their informed consent.

Based on the guidance provided by the Article 29 Working Party in their opinion no. 4/2007 (WP136) on the concept of personal data, it should be pointed out that the information collected in the course of these trials includes, as a rule, one or more items related to the patients´ identity – such as their height or certain diseases. Combining the items in question can allow identifying the individual data subject – for instance by matching a patient´s initials with his/her birth date and/or location as based on the identification data held by the trial centre and/or the trial physicians.

The encoding mechanisms deployed by sponsor companies are a specific security measure that is adopted in pursuance of the legislation in force to protect patients´ privacy – however, they are not such as to anonymize the data to be processed in connection with the trial (see section 16(5) of legislative decree no. 211/2003; Ministerial decree dated 15 July 1997, passim; see also the Garante´s authorisation no. 2/2007 for the processing of data suitable for disclosing health and sex life, in particular point 1.2 a. thereof – available on the Garante´s website as document no. 1429775). Indeed, the mechanisms in question are aimed at ensuring – pursuant to the specific regulations – that the individual patient can be identified in specific cases – e.g. to allow the trial physician, who is the only entity having direct contacts with the patient, to modify or terminate the trial drug treatment in the presence of adverse reactions and/or events; or to enable study monitors to check, on behalf of the pharmaceutical company, that the information gathered in the course of the trial is consistent with the patients´ original medical records; or else to allow the pharmaceutical company to use the information obtained in connection with the trial to establish or defend a judicial claim. Similarly, account should be taken – with a view to identification – of the retention period applying to the identification list, the risks related to failure and/or malfunctioning of the technical and organisational measures adopted to ensure data preservation and security, the dangers arising out of the violation of confidentiality and privacy rules set out in the applicable legislation, and the precautions study monitors are required to take in order to keep confidential the data subjects´ identity.

Given the amount and type of the information made available to the sponsor company, the processing mechanisms at issue and the various entities that can access trial data, it can be concluded that data subjects can be identified, albeit indirectly, by reference to other data held by the sponsor and/or to any other information that need not be held by the sponsor as it may be held by third parties. This conclusion can be drawn by having regard to the means that can be reasonably used by the sponsor company and/or third parties in view of identifying data subjects (see Recital 26 of directive 95/46/EC).
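The point made in this section, that coded records remain indirectly identifiable, can be measured on a data set before it leaves the trial centre. The following is an added example, not part of the Garante's guidelines: it counts how many coded records are singled out by a combination of attributes, using k-anonymity as the measure (a technique the guidelines do not name). The field names, the generalisation rule and the sample rows are assumptions constructed for illustration.

```python
"""Added example: how many coded trial records are still singled out."""
from collections import Counter

# Constructed sample rows, shaped like coded case report form (CRF) data held
# by a sponsor: no names, only the centre-assigned identification code plus
# attributes of the kind the guidelines mention (initials, birth date, centre).
CODED_CRF_ROWS = [
    {"code": "C01-0001", "initials": "MR", "birth_date": "1961-03-14", "centre": "C01", "sex": "M"},
    {"code": "C01-0002", "initials": "LB", "birth_date": "1958-11-02", "centre": "C01", "sex": "F"},
    {"code": "C01-0003", "initials": "GP", "birth_date": "1963-07-21", "centre": "C01", "sex": "M"},
    {"code": "C01-0004", "initials": "AF", "birth_date": "1965-01-30", "centre": "C01", "sex": "F"},
    {"code": "C02-0001", "initials": "MR", "birth_date": "1967-09-09", "centre": "C02", "sex": "M"},
    {"code": "C02-0002", "initials": "SD", "birth_date": "1952-05-17", "centre": "C02", "sex": "F"},
    {"code": "C02-0003", "initials": "EC", "birth_date": "1969-12-25", "centre": "C02", "sex": "M"},
    {"code": "C02-0004", "initials": "FT", "birth_date": "1956-08-08", "centre": "C02", "sex": "F"},
]


def raw_key(row):
    """Quasi-identifiers exactly as transmitted on the coded form."""
    return (row["initials"], row["birth_date"], row["centre"])


def coarse_key(row):
    """Generalised view: initials and centre dropped, birth date cut to a decade."""
    return (row["birth_date"][:3] + "0s", row["sex"])


def class_sizes(rows, key_fn):
    """Size of each group of records sharing the same quasi-identifier values."""
    return Counter(key_fn(row) for row in rows)


def k_anonymity(rows, key_fn):
    """Smallest group size; 1 means at least one record is unique. 0 if no rows."""
    sizes = class_sizes(rows, key_fn)
    return min(sizes.values()) if sizes else 0


def singled_out(rows, key_fn):
    """Codes of records whose quasi-identifier combination is unique."""
    sizes = class_sizes(rows, key_fn)
    return [row["code"] for row in rows if sizes[key_fn(row)] == 1]


def report(rows):
    """Compare the transmitted view with the generalised one."""
    return {
        "raw_k": k_anonymity(rows, raw_key),
        "raw_singled_out": singled_out(rows, raw_key),
        "coarse_k": k_anonymity(rows, coarse_key),
        "coarse_singled_out": singled_out(rows, coarse_key),
    }


if __name__ == "__main__":
    for name, value in report(CODED_CRF_ROWS).items():
        print(f"{name}: {value}")
```

Every record in the sample is unique on initials, birth date and centre, and one record is still unique after generalisation, so replacing the name with a code does not by itself take the data outside the scope of personal data.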

It follows that the information related to each patient´s identification code is to be regarded as personal data concerning the patient´s health that can be traced back to the individual data subject (see Article 2(1) a. and Article 8 of directive 95/46/EC, and section 4(1)b. of the Italian DP Code). Acquisition of this information by the sponsor companies in connection with clinical trials and the subsequent handling of such information give rise to data processing operations that are subject to the provisions set forth in the DP Code regarding information suitable for disclosing one´s health (Section 26); furthermore, such operations are subject to the precautions intended to safeguard data subjects´ rights and privacy in pursuance of the Garante´s authorisation no. 2/2007 on the processing of data related to health and sex life (see decision no. 25 dated 28 June 2007, document no. 1429775) and, where applicable, of the Garante´s authorisation on the processing of genetic data (see decision dated 22 February 2007, document no. 1389918).

4. Controllership in Trial-Related Processing Operations
It is fundamental to establish the relationships between the pharmaceutical companies sponsoring clinical trials and trial centres as for the processing of personal data. In this connection, it is necessary to clarify what role is actually played by the said companies in determining the purposes and mechanisms of the processing – also in light of the guidance provided by the Italian DP Authority as to the concepts of "data controller" and "data processor" (see Opinion dated 18 May 2000, document no. 30935).

It should be recalled that, prior to starting the trial, the sponsor company selects the candidate centres by assessing the respective eligibility and interests; the company subsequently draws up the trial protocol and provides the necessary guidance to the centres with regard to data processing – including retention and security mechanisms – along with instructions related to use of the IT systems deployed, which in some cases are made available to the individual centres. The sponsor company verifies compliance by the centres with both the protocol and the respective internal procedures, via own collaborators; draws up the documents to be used for providing notice to the patients and obtaining their consent as also related to processing of their personal data; finally, the company notifies the centres that it is no longer necessary for them to keep the trial-related documents.

Therefore, the sponsor does not collect any data directly nor may the sponsor interact with trial patients – both tasks being committed to the trial physicians. However, the sponsor does acquire the patients´ data as collected by trial centres, on several grounds, and processes those data in different ways. Indeed, the sponsor company evaluates the information contained in the original medical documents as well as in the patients´ identification lists via own collaborators visiting the centres. Additionally, the sponsor receives the data entered by each centre in the case report forms and the reports of adverse reactions and events; it enters these data in the relevant database – whether directly or via external entities in charge of carrying out all and/or part of trial-related activities; and it verifies, validates and performs statistical analyses on the data in order to achieve the trial results.

On the other hand, it should be pointed out that the individual trial centre is not under the sponsor´s control – i.e., it accepts the protocol and agrees on its contents with the sponsor, including the wording to be used for obtaining the patients´ informed consent in line with the opinion rendered by the relevant ethics committee. The centre carries out the trial autonomously – albeit in compliance with the applicable protocol, the standard operational procedures, and the sponsor´s guidelines; additionally, the centre avails itself of collaborators considered to be suitable in carrying out the trial and is responsible for their work. The centre provides the information notices to patients and obtains their consent as also related to processing of the data concerning them; it allows the sponsor´s collaborators to access the patients´ original medical documents to perform monitoring activities; and it handles and is responsible for the safekeeping of those documents.

Based on the information gathered also following the inspections performed so far, it appears that the responsibilities vested in the individual trial centres and sponsor companies are different as regards clinical trials – accordingly, they should be regarded as either separate data controllers or joint data controllers (under section 28 of the DP Code). To lawfully process trial-related data, the companies in question are therefore required to comply with the DP Code and the aforementioned general authorisation by the Garante – with particular regard to processing mechanisms and data quality requirements, appointment of the persons in charge of the processing and data processors, if any, and ensuring preservation and security of the information at issue (see sections 11, 29-31 et seq. of the DP Code; see authorisation no. 2/2007, in particular point 1.2 thereof). Furthermore, the fact that trial data are forwarded by the centres to the sponsor companies entails a veritable "communication" of the data along with their processing by third parties – which have to be detailed in the information notices provided to data subjects as well as in the consent forms, also in view of exercising the access rights and all other rights mentioned in sections 7 and 8 of the DP Code (see section 13, 23, 26 of the DP Code).

5. Other Entities Involved in Clinical Trials
The sponsor company may enter into an agreement with external entities (contract-based research organizations, clinical analysis labs, etc.) to entrust them with part or all of the tasks and functions it is responsible for in connection with the trial, whereby such tasks and functions will have to be specified in writing (Ministerial decree dated 15 July 1997). In that case, the entities in question – which may be natural persons as well as companies, institutions and/or other bodies – may carry out activities in connection with the trial such as to entail (depending on the specific circumstances) the processing of personal data related to the individual trial patients. This may be the case, for instance, if they are in charge of monitoring the trial; entering, validating and/or performing statistical analyses on the data; or carrying out pharmaceutical vigilance activities.

The entities in question usually work on the sponsor´s behalf – indeed, in the sponsor´s name in some cases – by complying with the sponsor´s standard operational procedures or else with their own procedures, which will have been evaluated and endorsed by the sponsor, or in pursuance of specific guidelines issued in writing by the sponsor on a case-by-case basis. To that end, the sponsor often organises specific training sessions for collaborators and reserves the right, in some cases, to determine their eligibility. The said entities may only use the information and documents obtained from trial centres in view of discharging the respective tasks; having concluded their collaboration, they deliver all the information and documents in question, as a rule, to the sponsor company.

As regards monitoring, the pharmaceutical companies sponsoring clinical trials may avail themselves not only of internal staff, but also of external collaborators. In both cases the so-called clinical study monitors are selected, appointed and trained on purpose by the sponsor, who determines scope and type of the monitoring. In discharging their tasks, they are also required to comply with the procedures developed by the sponsor and the specific instructions issued by the latter as well as being subject to the sponsor´s supervision – indeed, they have to submit a written report after each visit at a trial centre and/or after each communication related to the trial (Ministerial decree dated 15 July 1997).

Hence, the relationship between sponsor companies and the external entities that are entrusted with part or all of the activities related to clinical trials (including clinical study monitors) can be construed as the relationship between the "data controller", on the one hand, and the "persons in charge of the processing" (which may only be natural persons), on the other hand; alternatively, it can be equated to the relationship between data controller and data processors (which may be either natural or legal persons), depending on the discretion left to the external entities in respect of data processing. It is therefore necessary for the data controller to formally appoint the entities in question pursuant to the provisions of the DP Code concerning data processors and/or persons in charge of the processing, and to issue the instructions they are required to abide by in processing trial-related data (see sections 29 and 30).

The entities in question can access the patients´ personal data for the purposes of the trial, acting in their capacity as collaborators of the sponsor companies; therefore, they must be mentioned (also as a category) in the information notices to be provided to data subjects. Where several data processors are appointed, at least one of them should be named explicitly along with the mechanisms to retrieve the updated list of data processors, also online (e.g. on the relevant sponsor´s website) (see section 13 of the DP Code). Conversely, if the sponsor companies hold the view that the entities in question may not be appointed as "persons in charge of the processing" or else "data processors" under the terms of the DP Code, those entities might ultimately process the data in breach of the law and act as separate "data controllers." In the latter case, the information on trial patients obtained from the centres would give rise to a communication of personal data that would only be lawful with the data subjects´ specific, informed consent (see section 11(1) a. and sections 13, 23, and 16 of the DP Code).

In order to ensure confidentiality of medical information, which in some cases allows patients to be identified directly, the study monitors must abide by confidentiality rules equivalent to professional secrecy requirements. The appointment procedures must be such as to envisage the attendance of specific training sessions to highlight the risks and responsibilities arising out of the processing of the information at issue; the instructions to be complied with in keeping and securing the data; the privacy and confidentiality obligations set out in the applicable legislation (section 3(1)c., and section 11(3) of legislative decree no. 211/2003); and the specific precautions to be taken in order to safeguard trial patients´ identities, also vis-à-vis the sponsor company (Ministerial decree dated 15 July 1997).

6. Information Provided to Patients
As a rule, the sponsor companies determine the information to be provided to patients and the procedures for obtaining data subjects´ consent via the trial centres; this also applies to processing of the data concerning trial patients, in view of the assessment to be performed by the relevant ethics committees (see sections 6-8 and 11 of legislative decree no. 211/2003).

However, it is often the case that sponsor companies request trial centres to inform the patients concerned that their data will be made available to the sponsor by the trial physician exclusively in anonymous format – as they mistakenly believe that data protection legislation does not apply to the information related to trial patients. By doing so, they actually prevent the patients concerned from fully comprehending what role is played ultimately by the sponsor company and all the other entities employed by the sponsor as for data processing operations.

Hence, the information intended for trial patients is not in line with the DP Code (section 13) if worded as above, because it does not allow the data subjects to signify their wishes in full recognition of the circumstance that the processing operations performed either by the sponsor or by the sponsor´s collaborators (also abroad) concern information that, though encoded, can be traced back to the data subjects in question.

The information notices trial centres must provide to data subjects should therefore refer specifically to the following:

a. the nature of the data processed by the sponsor and the fact that this data is transferred abroad;
b. the role actually played by the sponsor as for processing of the data and the purposes and mechanisms of such processing;
c. the entities (or categories) the data may be communicated to, or that may become apprised of the data in their capacity as either persons in charge of the processing or data processors;
d. the mechanisms to exercise access rights and all the other rights related to personal data with regard to the sponsor and all the other data recipients (sections 7 and 8 of the DP Code).

7. Consent to the Processing of Personal Data
The form trial centres are required to submit to data subjects in order to obtain their consent to the processing of their personal data is usually drawn up by the sponsor companies and then submitted for assessment to the relevant ethics committees (sections 6-8 and 11 of legislative decree no. 211/2003).

The wording used as a rule to convey the person´s consent merely authorises the physicians to have the patients´ original medical records examined by the sponsor´s study monitors (or by external staff delegated by the latter), the members of the ethics committee(s), and the competent health care authorities in order to check on trial procedures and/or data accuracy (see Ministerial decree dated 15 July 1997).

Conversely, the wording in question does not enable data subjects to signify their wishes as to any further processing of their data that may be performed by the sponsor and/or the entities collaborating with the sponsor (also abroad) in connection with the trial.

The sponsor company and its collaborators may not lawfully use the trial patients´ data unless they obtain the patients´ specific consent beforehand, via trial centres, with regard to the data processing operations they intend to perform (see sections 23 and 26 of the DP Code).

8. Cross-Border Data Flows
The information and biological samples collected by trial physicians in a given country are often transferred to entities located in other countries, at times outside the EU, or else made available to several categories of entities established in such countries. This is often the case with the trials sponsored by pharmaceutical companies belonging to multinational groups – since it may well be that the sponsor, the clinical study monitors, the analysis labs and the external collaborators are located in third countries.

The information in question relating to the individual patients/data subjects may be lawfully transferred to non-EU countries ensuring no adequate protection of personal data, providing the relevant patients were informed beforehand and gave their specific consent in writing (section 43(1)a. of the DP Code) or else equivalent, adequate safeguards are implemented as for the data subjects´ rights (section 44(1)b. of the DP Code). In particular, sufficient safeguards for the protection of data subjects´ private life and rights are afforded by standard contractual clauses for the transfer of personal data to "data processors" established in third countries (see the Commission´s decision dated 27 December 2001, no. 2002/16/EC, and the Garante´s decision no. 3 dated 10 April 2002, document no. 1065361) as well as by the standard contractual clauses for the transfer of personal data by a "data controller" in the EU to another "data controller" established outside the EU (see the Commission´s decision no. 2001/497/EC dated 15 June 2001, and the Garante´s decision dated 10 October 2001, document no. 42156; additionally, see the Commission´s decision no. 2004/915/EC dated 27 December 2004 and the Garante´s authorisation dated 9 June 2005, document no. 1151949).

In order to make use of the said clauses, it is necessary to first clarify and detail the roles played by the various entities involved in transfer and processing of the data pursuant to the standards described above – i.e., the data exporter must be the actual "data controller" whilst the data importer must be the actual "data processor" or else a separate "data controller". Additionally, the main processing operations the transferred data are intended for will have to be specified.

As regards transferring the data to organizations established in the USA, adequate safeguards for data subjects are afforded by the recipients´ adhesion to the "Safe Harbor" principles relating to data privacy (see the Commission´s decision no. 2000/520/EC dated 26 July 2000 and the Garante´s authorisation dated 10 October 2001, document no. 30939).

9. Retention Period and Processing of the Data for Further Research-Related Purposes
The data and biological samples related to trial patients must be kept for no longer than is necessary to achieve the purposes for which the data and samples were collected and processed (see section 11(1)e. of the DP Code, and the Garante´s authorisation to process genetic data dated 22 February 2007, document no. 1389918).

In this regard, the provisions applicable to clinical trials require the key documents related to the trial (including the individual patients´ medical records) to be kept by the sponsor and trial centres for at least seven years as from completion of the trial, or else for a definitely longer period in pursuance of the applicable legislation and/or the agreements made between sponsor companies and trial centres (see section 18 of legislative decree no. 200/2007; legislative decree no. 219/2006, annex 1, point 5.2, letter c.; Ministerial decree dated 15 July 1997, passim).

Trial sponsors may lawfully use the data and biological samples related to individual data subjects in future studies and researches, also by availing themselves of the external collaborators they had employed for performing the trial, providing the patients were informed adequately thereof beforehand and gave their specific, separate consent in writing (see section 11(1)e. and sections 13, 26 and 99 of the DP Code; see also the authorisation dated 22 February 2007, document no. 1389918).

10. Safekeeping of the Data
Further to the initial assessment, also of a technical nature, performed in connection with the inspections that were carried out at some sponsor companies and other entities participating in clinical trials, the appropriate arrangements and measures could be determined so as to safeguard data subjects in respect of the data processing operations performed for the purposes of such trials. The highly sensitive nature of the data processed in a trial mandates the adoption of specific technical measures to enhance data security (section 31 of the DP Code), without prejudice to such additional minimum measures as every data controller is required to take in pursuance of the DP Code (see section 33 et seq.). This is especially the case with the operations consisting in the electronic storage of trial patients´ data at trial centres, the transfer of such data via IT networks to a centralised database held by the sponsor company and/or any other entities that are in charge of validating and analysing the data on the sponsor´s behalf, and the handling of the database in question.

As for the said processing operations, clinical trial sponsors, contract-based research organizations, and trial centres should take the following measures – as based on the decision the Garante is about to make – with regard to the activities respectively performed:

a. strong authentication procedures to enable access to electronic processing systems for data storage;
b. file systems or database systems including advanced encryption functions based on robust algorithms so as to protect the stored data against unauthorised access, theft or loss, in whole or in part, of storage media and/or portable/fixed processing systems;
c. secure communication protocols based on encryption standards for the electronic transmission of the data collected by trial centres to the centralised database held by the pharmaceutical company and/or any other entities in charge of subsequently validating and performing statistical analyses on the data;
d. as regards specifically the database in question:

•  strong authentication procedures to enable access to the centralised systems underlying the database;
•  suitable authorisation profiles for the persons in charge of processing as a function of their respective roles and the specific access/processing requirements;
•  regular checks on quality and coherence of the authentication credentials and authorisation profiles allocated to the persons in charge of the processing;
•  audit logging to monitor database accesses and detect abnormalities.


The Garante reserves the right hereby to set the deadline by which the guidelines that are about to be issued will have to be implemented by clinical trial sponsors, contract-based research organizations, and trial centres. The Garante also reserves the right hereby to determine what processing operations may have to be notified to the DP authority in pursuance of section 37(2) of the DP Code.