What is GDPR?
The European Union’s General Data Protection Regulation 2016/679 (the GDPR) contains new data protection requirements that extend the scope of the EU data protection law to all foreign companies processing personal data of EU residents (i.e. All EU countries including the UK (despite Brexit) are required to work under the new data laws.)
When does it commence?
The GDPR was passed by the European Parliament in April 2016 and is currently undergoing a two-year transitional period. The new law commences on the 25 May 2018. Any business found in breach of the law will be liable for fines of up to 4% of worldwide annual turnover.
Who is affected?
The GDPR applies to all businesses that process data and operate within the EU. It also applies to any business that monitor EU residents or offer goods or services to EU residents.
What does it mean for Australian Research companies?
Australian businesses of any size may need to comply if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU.
For AMSRO member companies the GDPR and the Australian Privacy Act 1988 (or the Privacy Coshare many common requirements, including to:
There are also some notable differences, including certain rights of individuals (such as the ‘right to be forgotten’) which do not have an equivalent right under the Privacy Act.
Australian businesses should determine whether they need to comply with the GDPR and if so, take steps now to ensure their personal data handling practices comply with the GDPR before commencement.
Example: Australian businesses that may be covered by the GRPR include:
What does it mean for conducting research in the EU?
Under the GDPR, all researchers, whether employed within an agency, working independently or based within a client’s research department, need to ensure that they understand the legal basis being used for collecting, using, storing, sharing or otherwise processing personal data at all stages, as part of their research project.
AMSRO WEBINAR (ONLY FOR AMSRO MEMBER COMPANY EMPLOYEES) – 18th APRIL 2018 – REGISTRATION
This webinar is kindly supported by CINT
AMSRO (EU) member company CINT has kindly shared the following resource https://www.cint.com/general-data-protection-regulation
If your company is conducting work in the EU and or the UK we recommend the following sources for further information: