Home / Life Sciences / Data protection and confidential information / Data protection and life sciences
Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Related legal acts
View More View Less
Key definition
Data protection definition

What does Data protection mean? In legal practice, data protection describes the rules governing how organisations collect, use, share, retain and secure personal data, including employees’ information. In the UK this regime is set by the UK GDPR and the Data Protection Act 2018; in Ireland by the EU GDPR and the Data Protection Act 2018 (Ireland). The label is descriptive; core concepts (personal data, controller, processor, special category data) and obligations are defined in legislation. In employment, the employer is typically the controller and must identify a lawful basis (for example, contract, legal obligation or legitimate interests) and, for special category data,...

Read More Right Arrow

mHealth apps: UK and EU GDPR and ePrivacy compliance on special category health data, consent, transparency, controller and processor roles, privacy by design/default, secondary use, sharing, security and enforcement

Copyright © 2026 LexisNexis
Practice notes
imgtext

Developers, manufacturers and distributors in digital health—spanning mHealth apps and any associated Software as Medical Device (SaMD), Artificial intelligence (AI) system or Artificial intelligence as a Medical Device (AIaMD)—must meet stringent Data protection regulations in tandem with regulatory compliance across the entire lifecycle, from development through to commercialisation

This Practice Note concentrates on data protection and privacy issues for mHealth (mobile health) and also considers the tighter safeguards governing the collection of an individual user’s health data. It does not cover broader life sciences regulatory matters, such as those relating to medical devices

What is mHealth?

For related guidance, see:

  • Practice Note: Digital health—regulation of mHealth apps and medical software.
  • Practice Note: Mobile app development and data protection.
  • Practice Note: Digital health—data protection and privacy case studies, including wearables and AI diagnostic tools...
To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.
CONTINUE READING
Francesca Blythe
Francesca Blythe

Sidley Austin

FRANCESCA BLYTHE advises international clients on a wide range of data protection, privacy, cybersecurity, and emerging technology issues. She has in-depth experience across multiple industries, including asset management and private equity, payments, technology, retail, e-commerce, and manufacturing. Francesca has a particular focus on life sciences, where she advises on a broad range of issues in relation to clinical studies/investigations, secondary research, digital health, and use of novel technologies (including artificial intelligence). Francesca co-leads Sidley’s benchmarking group for in-house data privacy professionals (dplegal) in the life sciences sector.Francesca was previously in-house counsel at the largest international health and beauty retailer in Asia and Europe. While there, she regularly gave advice on compliance and strategies relating to data protection laws and assisted in the planning and delivery of a global privacy compliance project....

William Long
William Long

Sidley Austin

WILLIAM LONG is global co-chair of Sidley’s highly ranked Privacy and Cybersecurity practice and heads the EU Data Protection group. He is also a member of the firm’s top-ranked Crisis Management and Strategic Response team, and he serves on the Steering Committee of the firm’s AI Working Group. William advises international clients on a wide variety of AI, GDPR, cyber incident, data protection, privacy, information security, social media, e-commerce, and other regulatory matters.William has been a member of the European Advisory Board of the International Association of Privacy Professionals (IAPP) and on the DataGuidance panel of data protection lawyers. He is also on the editorial board of e-Health Law & Policy and also assists with dplegal (“data privacy” legal), a networking group of in-house lawyers in life sciences companies examining international data protection issues. William was previously in-house counsel to one of the world’s...

Web page updated on 21/05/2026

Popular documents

Using the Judicial College Guidelines to assess general damages in personal injury claims

When evaluating a general damages claim, the practitioner ought initially to refer to the Judicial College Guidelines (JCG)...

Read More Right Arrow
Tomlin orders in England and Wales: CPR guidance on drafting, confidentiality, approval, variation, enforcement, limitation, CCA issues, court-specific requirements, sample wording and precedents

This Practice Note This Practice Note reviews mechanisms used in settling litigation. A Tomlin order consists of a consent order paired with a schedule. It operates to stay proceedings on terms that have been agreed. The provisions contained in the schedule may remain confidential. This Practice Note describes the scope of confidentiality attaching to the schedule and sets out how it differs from a standard consent order. Sample wording for a Tomlin order is included, alongside links to precedents, as well as guidance on court approval. It also addresses varying, setting aside and enforcing a Tomlin order, including the considerations the court will take into account when handling applications for each. Further guidance is provided on interpreting and applying the relevant provisions of the CPR; however, some courts and divisions impose very specific requirements for both drafting and approval, and for approaching the schedule and confidentiality issues. Accordingly, you must consider the particular rules and court guide provisions in the forum where your claim is proceeding when drawing up the Tomlin order...

Read More Right Arrow
Precedent: Deed of Surrender of Lease with Optional Premium, Settlement and Release, Landlord, Mortgagee and Guarantor Consents, Reimbursement and HM Land Registry Provisions (England and Wales)

Date [ date ] Parties [ name of Landlord ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Landlord) [ name of Tenant ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Tenant) [ [ name of Guarantor ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Guarantor) ] [ [ name of Mortgagee ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Mortgagee) ] Definitions Within this Deed, the terms below shall be interpreted as follows: [ Annual Rent • the annual sum reserved under the Lease; ] [ Insurance Rent • the Tenant’s share of the Landlord’s costs of insuring the Property (as set out in the Lease); ] Lease • the lease of the Property dated [ date ], entered into between (1) [ the Landlord OR [ name ...

Read More Right Arrow
Precedent Statutory Declaration: Standard Wording under the Statutory Declarations Act 1835

I, [ name ], of [ address ], solemnly and sincerely state that: [ Matters to be verified, set out in numbered paragraphs ] I make this solemn statement in good conscience, believing it to be true, and pursuant to the provisions of the Statutory Declarations Act 1835. DECLARED at [ details ] this [ day ] day of [ month and year ] Before me ................................................................................ [ signature of the person before whom the declaration is made ] A [ commissioner for oaths OR [ solicitor OR [ insert other qualification ] ] authorised to administer oaths ]...

Read More Right Arrow

Discover more from LexisNexis