GDPR

Subscribe to GDPR

On 7 September 2020, the European Data Protection Board (EDPB) initiated a public consultation on draft Guidelines 07/2020 on the concepts of controller and processor in the GDPR. Any interested party could provide comments by 19 October 2020 using the dedicated form.

The draft Guidelines contain elements that are of interest for companies active in the life science sector as they may have an impact on comapnies’ day-to-day research and commercial activities in the EU and their compliance with Regulation (EU) 2016/679 (GDPR).
Continue Reading Draft EU guidelines on the concepts of controller and processor—key elements for life sciences companies

Today, the Court of Justice of the European Union delivered a landmark judgement with significant practical impact for companies transferring personal data outside the European Economic Area to the United States. The Court of Justice confirmed the validity of the Standard Contractual Clauses for transfer of personal data between a controller in the EU and a processor in a third country (e.g., the US) adopted by the European Commission in Decision 2010/87/EU. The Court has, however, invalidated European Commission Decision (EU) 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield.
Continue Reading The CJEU confirms the validity of the Standard Contractual Clauses but invalidates the EU-US Privacy Shield

Apologies that it has been a while since we’ve posted! We have lots in the pipeline, starting with this webinar.

Data and Its Impact on Medical Technology Companies Doing Business in the EU

Today’s medical technology industry is being transformed by data—clinical data, vigilance data, real world data and personal data. As such, there is

On 23 January 2019, the European Data Protection Board (EDPB) adopted an Opinion on the interplay between the Clinical Trials Regulation (CTR), which is likely to become applicable in 2020 (if not later), and the European General Data Protection Regulation (GDPR). The Opinion focusses on an area provoking much discussion since the GDPR came into force; that is, as we discussed in our previous blog, which legal bases under the GDPR are appropriate for processing personal data in the context of clinical trials?


Continue Reading GDPR and clinical trials—more clarity?

The General Data Protection Regulation (GDPR) entered into force on 25 May 2018 and, in the absence of any transition period, companies are now expected to be in full compliance with the new requirements. However, with key guidance from regulators only recently released or still in progress, and national implementing legislation enacted at the eleventh hour, developing a GDPR-compliant approach to consent in the context of clinical trials remains an ongoing project. This post reviews the guidance available to date.

Continue Reading Clinical trial consents under the EU GDPR: where do we stand?

The new General Data Protection Regulation 2016/679/EU (GDPR), which will apply throughout the EU from 25 May 2018, has strengthened the protection of individuals’ personal data. Data subjects have new rights to help ensure their data are processed securely and with adequate protections (such as the right to erasure of personal data—the “right to be