Required cookies

This website uses cookies necessary for its operation in order to provide the user with content and certain functionalities (e.g. language selection). You have no control over the use of these cookies.

Website visitor statistics

We collect visitor statistics on the use of the site. The data is not personally identifiable and is only stored in the Matomo visitor analytics tool managed by CSC.

By accepting visitor statistics, you allow Matomo to use various technologies, such as analytics cookies and web beacons, to collect statistics about your use of the site.

Change your cookie choices and read more about visitor statistics and cookies


In the field of scientific research, the GDPR and its fragmented interpretation across Europe have increased bureaucracy and uncertainty regarding the correct procedures. The transfer of biomedical data has halted on many occasions, with member states opting to keep data within their own borders. To address this situation, it is paramount to ensure consistent interpretation and application of the GDPR across Europe. The guidelines and recommendations of the European Data Protection Board (EDPB) play a significant role in this regard. Additionally, input should be taken into account from entities such as the European Data Innovation Board (EDIB), established by the Data Governance Act, and other stakeholders.

The utilization of biomedical data for research purposes also faces significant challenges due to ambiguities concerning pseudonymization and determining adequate security levels for it. The GDPR evaluation reportshould clarify the interpretation of pseudonymized data regarding its status as personal data and overall adopt an enabling approach to data use and improve reusability of datasets. These needs are also highlighted in studies such as the report published by the Finnish Ministry of Education and Culture on the impact of social and healthcare legislation on research freedom and research, development, and innovation activities (available in Finnish at

In scientific research, expanding knowledge by enriching it with new information and integrating new data into broader contexts is essential. As research activities become increasingly data-intensive, it is necessary to critically examine the GDPR’s principle of data minimization in the context of research in the evaluation report. Furthermore, ensuring the proportionality and technical feasibility of requirements for secure data processing environments is important.

In the evaluation report, it must also be taken into account that the GDPR increases the costs of developing and maintaining RDI services. For example, developing and operating IT services that comply with GDPR requirements practically requires substantial resources and expertise. Privacy-by-design solutions facilitate cross-border research by increasing trust but are more expensive to produce and, consequently, more expensive for users to procure.

The administrative burden resulting from the role of data controller must also be reduced, not only through the effective use of codes of conduct, certification mechanisms, and standard contractual clauses but also by providing concrete guidance on what, why, and how to document. To achieve this, uniform templates, for example, should be developed.

The secure and seamless research use of biomedical data can provide a competitive advantage for European research and thereby contribute to improving public health and well-being throughout Europe. The GDPR evaluation report should therefore focus on ensuring that the regulatory framework enables the widest possible use of data in scientific research.