NIS Considerations
CHCUK Newsletter November 2009
In this Month's Issue
Broken Links
Data Protection
Data Protection: Germany
Data Protection: Portugal



Welcome to the 1st of our series of newsletters which aim to keep you up to speed with the regulations, guidelines and other news which may be relevant to you when managing and conducting non-interventional studies in Europe.

Feel free to contant me with suggestions and/or contributions to the newsletter.
Stuart McCully
Tel: +44 (0) 1997 42 33 11
Mobile: +44 (0) 7909 111 510
Broken Links
Broken Chain
The dynamic and ever-evolving nature of the jobs we do is what adds to the excitement of our work.  It also means that websites, legislation and guidelines are always changing and being updated which in turn results in broken hyperlinks.

We're very keen to ensure that you get the most optimal tools for your work, so if you do come across any broken hyperlinks in the NIS Report we would love to hear about them.  Please email us at with the word 'Links' in the title and we'll fix the broken hyperlink.
Research Coordinating Committee for Post-Authorisation Studies

A key impact of Royal Decree 1344/2007 of 11 October has been the mandate to create a 'Coordinating Committee for Post-Authorisation Studies' (the 'Committee'), which was formed on the 24th September 2008 from representatives of all of the Autonomous Communities and the Spanish Agency for Medicines and Health Products (AEMPS).

On the 1st June 2009, the Committee published their draft 'Guidelines on Post-Authorisation Studies of Drugs for Human Use' which have taken in to account the terms presented in Chapter I.7 of Eudralex Volume 9A.  This document is a draft pending a public hearing prior to its publication as a Cabinet Order.

These comprehensive guidelines cover:
  1. Background and Legal Basis
  2. Scope of the Guidelines
  3. Definitions
  4. Objectives of Post-Authorisation Studies
  5. Ethical Considerations
  6. Identification Requirements for those Responsible for the Studies and Key Elements to be Included in the Protocol
  7. Administration Procedures for Post-Authorisation Studies
  8. Follow-Up of Post-Authorisation Studies
  1. Amendments to the Protocol
  2. Follow-Up Reports and Final Reports
  3. Notice of Suspected Adverse Reactions
  4. Archiving of Study Documents
  5. Inspections

Interestingly, Section 8.5 of the guideline introduces the element of inspections by the Health Authorities of the Autonomous Communities to 'verify compliance with the statutory requirements concerning post-authorisation studies (EPA) carried out in Spain'.
Data Protection
General Considerations

Part I of the NIS Report, doesn't focus all that much on the data protection element of managing NIS.  However, due to popular demand this important area will be addressed in Part II (due out in December 09) and in the 2nd Edition of Part I of the NIS Report (due out 3Q 2010).

In accordance with Article 15.02(e) of the 2007 EFPIA Code of Practice (as implemented nationally): Local laws, rules and regulation on personal data privacy (including the collection and use of personal data) must be respected.

The implementation of the Data Protection Directive (95/46/EC) into national law means that the automated processing of sensitive data (such as health data) needs to be notified to, or even authorised by, the relevant national competent authority (Data Protection Agency).
Data Protection: Germany
2009 Update to the Federal Data Protection Act

Please note that the version of the German Federal Data Protection Act (BDSG - as of 15th November 2006) cited in Part I of the NIS Report is no longer valid.  The Act was updated in July 2009 in response to various data protection scandals which have recently hit the headlines.  This recent amendment came in to force on 1st September 2009.  An English translation of the updated Act is not yet available. However, the German version can be found at the website of the Federal Commissioner for Data Protection and Freedom of Information (BFDI).
Data Protection: Portugal

For sponsors of NIS in Portugal, attention is drawn to Articles 27 and 28 of the Act on the Protection of Personal Data (Law 67/98 of 26 Oct) which define the requirements for the prior notification to, and authorisation by, the Portuguese Data Protection Agency (Commissao Nacional de Protecção de Dados - CNPD) prior to processing sensitive data.  Refer also to Articles 7.1 and 7.2.
Improved Check-Out Process
If you recently purchased Part I of the NIS Report you may be aware that a server 'glitch' meant some of you didn't receive your purchased publication.  Please accept our apologies for the inconvenience.

We have updated the Shop checkout system to prevent a re-occurrence. When you now purchase a PDF report you are prompted to download the report during the checkout process. So if you don't receive your PDF report immediately please contact us at +44 (0) 1997 42 33 11 or at Please don't wait!