The General Data Protection Regulation—application in the life sciences sector
Produced in partnership with Elinor Pecsteen and Cristiana Spontoni of Jones Day (Brussels)
The General Data Protection Regulation—application in the life sciences sector

The following Life Sciences guidance note Produced in partnership with Elinor Pecsteen and Cristiana Spontoni of Jones Day (Brussels) provides comprehensive and up to date legal information covering:

  • The General Data Protection Regulation—application in the life sciences sector
  • Scope of the GDPR
  • Key novel concepts and their relevance for the Life Sciences sector
  • Obligations on life sciences companies which are data controllers and/or data processors

In May 2016, the General Data Protection Regulation, Regulation (EU) 2016/679, (GDPR) came into force, introducing a number of changes in EU data protection law. The GDPR is directly applicable and enforceable in all EU Member States as of 25 May 2018, replacing the rules set out in Directive 95/46/EC (Data Protection Directive) and the Data Protection Act 1998 (DPA 1998).

The changes brought by the GDPR impact on many businesses involved in the processing of personal data. Such changes are particularly relevant for life sciences companies which often collect and/or use significant amounts of health-related data regarding individuals (or ‘data subjects’) such as, for example, patients and clinical trial subjects. For more information about the interplay between clinical trials and data protection, see Practice Note: Conducting clinical research—data protection implications.

This Practice Note gives an overview of those important changes that are provided in the GDPR which affect life sciences companies and their businesses directly. This Practice Note does not provide a comprehensive discussion of all changes provided for in the GDPR and should be read in conjunction with the following Practice Notes: The General Data Protection Regulation (GDPR), Data protection principles under the GDPR, GDPR compliance—standard of consent and GDPR compliance—obtaining, recording and managing consent.

Scope of the GDPR

The GDPR applies to the processing of personal data that is automated

Related documents: