Background The European Union's general data protection regulation (GDPR) came into effect in May 2018. It is intended to prevent the unwanted sharing of private data and it has significant implications for healthcare research. A well-established research methodology that GDPR is likely to affect is the retrospective reviewing of patients' data. This has been used widely in healthcare research and commonly involves examining patients' medical records. Aim To examine GDPR and its potential effects on the use of patients' data in healthcare research. Discussion Previous misuse of patients' data has affected public confidence in healthcare research. GDPR is intended to improve the public's confidence in the handling of their data, but it may negatively impact healthcare research. Researchers who want to review patients' data will need to consider consent issues carefully. GDPR does include exceptions to the rules of consent, but there is uncertainty about this process. Conclusion If GDPR results in stricter requirements to achieve patients' consent in research, the validity of some studies may be affected. Nurse researchers and organisations may need to consider innovative ways of engaging patients in research. Implications for practice Research using patients' data has played an important role in shaping nursing and healthcare policy and practice. Imminent Europe-wide changes prompted by GDPR could affect how patients' data are used in research.
- Data collection
- Ethical issues