Dáil Éireann Debate, Tuesday - 23 June 2020
516. Deputy Róisín Shortall asked the Minister for Health the legal basis for processing DNA for research, particularly when access to the data will be determined by a commercial entity without robust public engagement. [12392/20]
View answerIt is the General Data Protection Regulation (GDPR) rather than domestic law that sets out the legal basis for the processing of any personal data, including for research purposes, and domestic law cannot amend the GDPR legal basis. Where health or genetic data is involved, the data controller concerned, whether it is a public authority or a commercial entity, must have a basis in Article 6 and meet a condition in Article 9. The data controller must also comply with the other requirements in the GDPR, in particular the principles in Article 5, and have suitable and specific safeguards in place such as those set out in the Health Research Regulations.
