As outcome of an EudraVigilance audit performed by the European Data Protection Supervisor (EDPS) in the context of pseudonymisation procedures and personal data masking, the EDPS recommended to the Agency to adopt, together with the joint controllers (European Commission and competent authorities in Member States), a common masking policy that should be complied with by all entities reporting to EudraVigilance (hereafter referred to as “sender”).
This Addendum to GVP Module VI provides instructions to complement Section VI.C.6.2.2.10. on data protection laws. These instructions form an integral part of the guidance in GVP Module VI.
The Agency, in consultation with the joint controllers of EudraVigilance ,has assessed all ICH-E2B(R3) data elements (see Annex IV ICH-E2B(R3)) to determine if the information in the data elements is required in support of the pharmacovigilance and safety monitoring obligations set out in the EU pharmaceutical legislation (see VI.Add.II.2.).
More specifically, this assessment has taken into account the relevant obligations placed on the Agency, competent authorities in Members States and the Pharmacovigilance Risk Assessment Committee (PRAC) (see GVP Module I).
Requirements to process individual case safety reports (ICSRs) and to ensure adequate quality of the ICSRs (see GVP Module
VI) have also been reviewed.
All senders of ICSRs to EudraVigilance are expected to comply with the instructions set out in this Addendum to GVP Module VI, and the data fields to be masked or not to be provided should not go beyond the data fields described here.