We recently attended a seminar in Brussels to examine the impact of the EU’s General Data Protection Regulation (GDPR) on the operation of R&D and science and on collaborative research in the EU and with its global partners. Our interest is in the cross-over between the GDPR and the regulations that govern our clients businesses such as the CFR’s, PIC/S and Eudralex to name a few. The GDPR entered into force on 24 May 2016 and will apply from 25 May 2018. The regulation is aimed at empowering the citizens as owners of personal data, as well as establishing legal certainty for business based on clear and uniform rules.
The GDPR will apply to all organizations in and outside the EU that deal with the personal data of EU individuals. Science-based and research organizations will need to take advantage of the two-year transition period up to 25 May 2018 to prepare for a significant increase in their data protection responsibilities and advance their privacy compliance programmes.