Nathan Lea is the Information Governance Lead at The European Institute for Innovation through Health Data (i~HD). Drawing from his 25+ years of experience in Digital Health, backed by a masters in Computer Science and a PhD in Information Governance and Security, Nathan has become a widely renowned figure in regulatory affairs for clinical data and patients’ privacy rights.
As part of our new series of interviews with GenoMed4All partners, Nathan reflects on the role he’s had during the project, his contributions and main learnings, and his expectations for the project’s impact after it’s officially completed in June 2025.
Work package leadership and interdisciplinary collaborations
Over the past few years, I’ve been deeply involved in leading Work Package 2, looking after compliance, data governance and ethics.
My main focus has been to help the consortium develop a complete understanding of what we’re trying to achieve, how we’re doing it, and why it matters. That starts with understanding how data flows through the project, but it goes far beyond that. It’s about building a shared sense of purpose, ensuring that everyone, regardless of their role, understands what’s being done, with what data, and toward what end.
In multi-partner projects like this one, it’s easy for teams to get siloed. But GenoMed4All really brought together people who might never have collaborated otherwise, and we managed to create something cohesive, something greater than the sum of its parts. Even those not directly involved in data governance came to appreciate the importance of, for example, how informed consent at the beginning of a process affects tool development further down the line.
That kind of mutual understanding doesn’t come from compliance checklists or rigid directives. It comes from dialogue. From saying, “Let’s figure this out together.” That’s the approach we’ve taken throughout WP2 — not as enforcers, but as facilitators of shared responsibility and practical alignment.
Building a shared understanding to protect clinical data
I’ve been constantly impressed by the humility and collaboration within this consortium. Our partners brought extraordinary experience — deep knowledge of diseases, research protocols, patient engagement — but never once used it to dominate a conversation. Instead, they offered their insights in ways that strengthened what we were doing together. It created an environment where it felt safe to explore uncertainties and work toward clarity as a group; that’s not something I take for granted.
A lot of our work came down to experience and practicality. We didn’t start from scratch; instead, we used proven tools like data protection impact assessment (DPIA) templates that have been refined over years of working with clinical and health data. We also leaned on existing resources from the European Commission, such as their templates for joint controller agreements.
The goal was never to burden partners with extra processes, but to help legal, regulatory and data protection teams do their work more effectively — having worked in one of those teams myself, I know how overstretched they can be. Offering well-prepared templates, asking who their data protection officers are, and building relationships early on made it easier to move quickly while still doing things properly.
Ultimately, we were able to support a governance model that respected both innovation and institutional due process. We made it clear that while we would conduct a project-wide DPIA, each partner still had to do their own. We weren’t dictating from the top, we were building a toolkit for everyone to adapt and use.
Main takeaways from this 4-year journey
Personally and professionally, GenoMed4All has left a lasting impression on me. It’s deepened my appreciation for due process — not as red tape, but as the structure that enables meaningful innovation. In the rush to develop AI and data-driven tools, it’s easy to dismiss procedure as a barrier. But in truth, those processes are what make responsible, impactful work possible.
This project has also reinforced the importance of humility and collaboration. Though I’ve often said “I lead this” or “I lead that,” the truth is that leadership in GenoMed4All has always been shared. Every success we’ve had has come from people stepping up with their own expertise and contributing to something bigger. It’s a model I’ll carry with me, and one I hope to replicate in future work.
And perhaps most importantly, this project has reminded me that governance itself must evolve. We can’t apply outdated, intrusive models to fast-moving, collaborative, digital health environments; we need innovation in ethics and data protection too. GenoMed4All has shown that it’s possible, and I’m proud to have been a part of this journey.
The legacy of GenoMed4All going forward
As the GenoMed4All project draws to a close, I’ve found myself reflecting on what we’ve built together and what we’re leaving behind. Now, as we finalise our deliverables and recommendations, I hope the tools and insights we’ve developed will serve as a foundation for others navigating this space, particularly as new regulations like the AI Act begin to take shape.
We may not fully understand the impact of that legislation for another few years, once implementing acts are in place and case law starts to form, but the work we’ve done here gives people a chance to begin thinking critically about how AI can and should be used in healthcare — and just as importantly, what its limitations are.