National legal frameworks may further define the conditions under which health data may be shared, making provisions for specific safeguards that need to be in place without, however, being prescriptive of such safeguards. Member States should ensure they have measures in place to assure and evaluate their own compliance with both GDPR and national regulations.