Jusletter IT

This contribution addresses, under three different profiles, the issue of governance of personal data in health research within the EU legal framework, analyzing how the current discipline of personal data protection, notably provided by the GDPR, represents an opportunity for all operators and for the healthcare system in general. It is noteworthy, on this regard, to point out that patients have a twofold rule, being on the one hand the source of the data and, on the other hand, the recipients of the benefits that can be drawn from them. To begin with, we describe how data governance becomes indeed proactive towards innovation, through the creation of a dynamic and flexible network of relationships between all the actors involved. Secondly, we show how it is possible, in light of the state-of-the-art of legal informatics, to automate GDPR compliance processes not only increasing efficiency and transparency in data processing, but also promoting an effective cultural revolution in terms of accountability. Thirdly, we describe how the compliance of the GDPR can trigger virtuous processes of aggregation between different organizations, and how paradoxically it is precisely by integrating heterogeneous resources that innovation can be triggered.