What is GDPR?
The European Union (“EU”) General Data Protection Regulation (GDPR) is European privacy legislation that replaces the 1995 EU Data Protection Directive. The GDPR enhances the privacy rights of EU residents by creating uniform data protection rules.
When does GDPR take effect?
The GDPR will take effect on May 25, 2018, and affects any company, organization, or government agency that collects or processes the personal data of residents of the EU.
What’s new under GDPR?
GDPR builds upon existing EU privacy and data protection law, but also includes several new requirements. The following are just some of the new requirements under GDPR:
- Increased territorial scope
- Individual rights for data subjects
- Data breach notification
- Privacy by design
- Strict penalties for non-compliance
Who does the GDPR apply to?
The GDPR will apply to all organizations operating within the EU, or organizations outside the EU that offer goods and services to EU residents. This applies to the collection and processing of personal data, which includes any information relating to an identified or identifiable individual.
The GDPR, however, does not apply to certain activities covered under law enforcement, national security, and processing carried out by individuals purely for personal or household activities.
Additionally, there are still exceptions for the collection and use of personal data for medical research without consent if it is considered in the best interest of the public. Currently, no directive has been released on whether patients previously enrolled in clinical trials must be re-consented if the original informed consent form does not meet all GDPR standards.
What information does the GDPR apply to?
The GDPR applies to the processing of Personal Data and Sensitive Personal Data. Personal Data is defined by the GDPR as any information relating to an identifiable person, identified directly or indirectly. This includes:
- Personal Data such as name, identification number, location data, or online identifier.
- Sensitive Data, which under the GDPR is a special category of Personal Data and includes religious affiliation, medical and genetic data, and biometric data when processed to uniquely identify an individual.
How is FSR preparing for GDPR?
Our strong focus on data security and system security to date serves as a strong foundation for our compliance with GDPR and related privacy guidance going forward. We are also working closely with internal and external subject matter experts in multiple jurisdictions to stay apprised of the latest developments, and to monitor EU member states' rulings and interpretations of the relevant guidance as it becomes available. In addition to these efforts to date, FSR has an ongoing commitment to data privacy protections, compliance and security, and will continue to implement measures as appropriate in the future.
Where do we stand?
FSR is committed to complying with all applicable GDPR rules and regulations. We are working diligently to ensure our policies, procedures, internal operations, and third-party relationships adequately address the GDPR data protection principles. FSR is also committed to working with our website visitors, clients, and business partners to identify opportunities to assist them in identifying, meeting, and managing their GDPR compliance obligations as well.