Data Protection Day (28 January): privacy in clinical research is not a separate legal topic. It is part of how we keep data reliable, reproducible, and usable.

In practice, good data protection is built from a few boring but consistent habits:

1. Start with a simple data map:
What we collect, where it moves, who can access it and which agreements cover each transfer.

2. Plan for sharing early:
What can be shared, when, and via which access model.
Not every dataset belongs in an email.

3. Collect only what’s needed:
Minimize identifiers, keep direct identifiers out of analysis paths, and sanity-check re-identification risk.

4. Treat transfers and outputs like releases:
versioned packages, reconciliation checks, sign-off, and a clear trail from raw data to CSR.

5. Store context with the data:
Protocol, SAP, specifications, and code versions should travel together, so reuse does not turn into guesswork months later.

Good privacy hygiene protects participants, but it also saves teams time: fewer audit surprises, fewer “which file is final?” threads, fewer last-minute redactions.
If you’re building processes for E6(R3), data governance is no longer optional.