EU MDR EUDAMED
An introduction to EUDAMED under EU MDR.
What is EUDAMED?
EUDAMED is an existing European database of medical device safety. It is scheduled for a comprehensive update following full implementation of the new Medical Device Regulation (MDR) 2017/745 (“the EU MDR”). EUDAMED was originally established by Article 14a of the Medical Device Directive MDD 93/42/EC.
In its existing form, EUDAMED is intended to be a central repository for information relating to market surveillance activities within each member state. The present EUDAMED system is accessible only to Competent Authorities and the EU Commission, meaning that it is not presently accessible to the general public; however this will change after full implementation of the MDR.
A central theme running through the EUDAMED is increased transparency of data on medical device performance. For this reason, the MDR requires that the EUDAMED system be updated to be accessible to the public and to the medical device industry as a whole.
What does the EU MDR require for the new EUDAMED system?
The basis for the new form of the EUDAMED system is in Article 33 MDR. It requires that the Commission takes responsibility for establishing the system. Article 33’s first substantive provision is that the EUDAMED system should
“…enable the public to be adequately informed about devices placed on the market…” underlining the central theme of data transparency that will guide construction of the new database.
Other major objectives for EUDAMED under the EU MDR include:
- Enable identification and traceability of medical devices on the market
- Store data about clinical investigations either currently underway or completed
- Collate information regarding serious incidents and field safety corrective actions (FSCAs)
- Act as a repository of information regarding analysis of trends of complaints and non-serious incidents relating to medical devices
- Having the capability to actively monitor information stored within the database to discern trends from the data
- Enable Competent Authorities to remain up to date with developments.
EUDAMED will function as a number of independent but linked electronic systems. These systems will include:
- A central register of medical devices
- The Unique Device Identification database
- Register of economic operators (Manufacturers and providers of associated functions)
- List of Notified Bodies and their certificates
- Electronic system on clinical investigations
- Electronic systems on Vigilance and Post-Market Surveillance (PMS)
- Electronic system on market surveillance
How will EUDAMED function?
Article 33 requires that data can be entered into the system by Member States, notified bodies, economic operators (e.g. medical device manufacturers) and sponsors of clinical investigations. Data will be accessible to the same entities as well as to the general public. The EUDAMED system will have the capability to collate and process information and is required by Article 33 to ensure that the sections available to the public are user-friendly and easy to search.
How will EUDAMED handle personal data?
Following the enactment of the GDPR, data protection is a top priority in Europe. The EUDAMED system is no exception to GDPR’s set of requirements.
Article 33 states that EUDAMED will only contain personal data to the extent that it is absolutely necessary for the function of the electronic systems within the database. It requires that personal data is stored in a form which permits identification of data subjects for the shortest possible periods.
Any subject whose personal data is stored on EUDAMED may exercise their right of access to any data relating to them, and can have any inaccurate or incomplete data corrected and erased. Article 33 requires that any corrections or deletions shall be carried out as soon as possible, but no later than 60 days after a request is made by a data subject.
For the purposes of data protection, the Commission is considered to be the data controller of EUDAMED and its various electronic systems.