10/11 October 2023
The UK Medicines and Healthcare products Regulatory Agency (MHRA) has detailed its data privacy policy. The authority released the document on the day the EU General Data Protection Regulation (GDPR) came into force: May 25, 2018.
The document sets out from whom MHRA collects data, what types of data it processes, how it uses the data and which groups it may share the information with. In providing a full account of how data flows through its organization, MHRA has revealed the extent to which it relies on the processing of personal information to perform its regulatory functions.
The MHRA lists 15 groups from which it collects personal data:
The MHRA collects (and stores) personal data when using the Agency’s website or contacting MHRA through other channels to perform its regulatory functions, process requests and promote its services. The collected data include, for example, bank details, educational/professional qualifications and IP address and location. MHRA also processes more sensitive types of personal information like political opinions and genetic data or biometric data.
The agency may share the data with more than 25 groups, including credit reference agencies, debt collectors, trading standards and the European Medicines Agency (EMA). MHRA states it shares data “where necessary, required and within the law.” The agency’s document refers repeatedly to how its policy fits with data protection rules.
More information can be found in the Transparency Data - MHRA Privacy Notice.