News

News

The Adventure Continues for PharMarketing GDPR Life Sciences Data Protection, Data Privacy!


We are proud to announce the signing of our 88th client!


We would be thrilled to have you as one of our future partners. Contact us to explore the possibilities!


📩 contact@pharmarketing.net






23 July 2024

New consultant in our team!

We're thrilled to introduce our newest consultant, Valérie Isabelle!


We welcome Valérie with excitement to our team here in the Paris region. With her impressive background holding a Ph.D. in Biology, she brings a wealth of knowledge and expertise to our consultancy.



Learn more about Valérie by reading her biography


3 April 2024

We grew from 0 to 82 customers and to a team of 26 senior scientific consultants across Europe. 


We would like to send a big thank you to all our clients, to our exceptional team and to our partners who could make this fast growth possible.

 

Over the years, we added several competencies: Privacy of course, in Europe and outside of Europe, and also QualityAssurance, raining, legal Representation, Computerised System Validation (CSV), itsecurity, datamanagement, Audits, Clinical Operations, Laboratory Management and Inspection Readiness. 


PHARMARKETING is now an operational consulting company based in France and in Romania, operating globally, exclusively dedicated to life sciences and healthcare. 99% of our clients run clinical trials. Our clients range from clinical stage and commercial stage pharmas, medical device, diagnostics cosmetics food supplements, but also CROs and software companies, private or academic. Our advices span all departments, from R&D to sales through procurement, inventory, manufacturing, HR, finance, marketing, etc.

6 December 2023

35th anniversary of AFAR

PharMarketing was at the 35th Anniversary Party of the AFAR, the French Regulatory Affairs Association on 16 November 2023.

16 November 2023

World 3rd Fastest Computer Lauched Today in Finland


Breaking! 14 June 2022: World 3rd Fastest SuperComputer Launched Today in Finland. Executive Vice-President for a Europe fit for the Digital Age Margrethe Vestager said: Thanks to its massive computing capacity, Lumi will enable scientific breakthroughs in for instance medicine and climate research at a much faster pace. It could be in the development of vaccines, diagnosis of cancer, or mitigation of the effects of climate change.


For more information on the latest news, subscribe to our newsletter by contacting us at contact (at) pharmarketing.net

CNIL : étude sur données de Géolocalisation collectées par applications mobiles


13 juin : La CNIL - Commission Nationale de l'Informatique et des Libertéslance une étude sur les données de géolocalisation collectées par des applications mobiles.


Comme annoncé dans son plan stratégique 2022-2024, la CNIL souhaite rendre visibles les flux de données des applications mobiles.

Le principal objectif de ce projet est de sensibiliser le public et les professionnels sur les enjeux liés à la collecte de données de géolocalisation par les applications mobiles. Un projet qui durera 15 mois à l’issue desquels les données seront supprimées.


Pour plus d'informations sur cet article, veuillez consulter ce lien :

https://lnkd.in/eBUBAifY


Pour plus d'informations sur les dernières actualités, inscrivez-vous à notre newsletter en nous contactant à l'adresse: contact (at) pharmarketing.net

EDPB to Discuss tomorrow on Personal Data Transfers to Russia


Breaking: European Data Protection Board EDPB to Discuss tomorrow on PersonalData Transfers to Russia. Wait for infos in the next days. See agenda here :


For more information on this article, please consult this link:

https://lnkd.in/eakFVv4f


For more information on the latest news, subscribe to our newsletter by contacting us at contact (at) pharmarketing.net

13 June : the UK Health Research Authority HRA has launched a public conversation


Today 13 June the UK Health Research Authority HRA has launched a public conversation about how research ethics review could be changed to make it better for researchers, ethics committee members and people taking part in research. Complete the survey now (until 23 September)!


For more information on this article, please consult this link:

https://lnkd.in/eex-gM3v


For more information on the latest news, subscribe to our newsletter by contacting us at contact (at) pharmarketing.net

Fiscalité Pharma : La France dernière en Europe


Étude PWC Leem : Fiscalité comparée des entreprises du médicament en France et en Europe : une nouvelle fois la France en dernière position des pays européens en matière de politique fiscale


GDPR USA Maryland: the Personal Information Protection Act (PIPA)


GDPR USA Maryland: the Personal Information Protection Act (PIPA), was enacted to make sure that Maryland consumers' personal identifying information is reasonably protected, and if it is compromised, they are notified so that they can take steps to protect themselves.


As the crime of identity theft has grown, lawmakers have worked to protect consumers' personal information from identity thieves. The Personal Information Protection Act (PIPA), Md. Code Ann. Com​m. Law 14-3504, was enacted to make sure that Maryland consumers' personal identifying information is reasonably protected, and if it is compromised, they are notified so that they can take steps to protect themselves. PIPA contains provisions for notification of consumers in the event of a data security breach and for reasonable security measures to protect consumers' personal identifying information.


For more information on this article, please consult this link:

https://lnkd.in/efASaZEA


For more information on the latest news, subscribe to our newsletter by contacting us at contact (at) pharmarketing.net

GDPR Google Analytics


GDPR Google Analytics peut-être utilisé si un serveur Proxy est correctement mis en place, et que les informations envoyées à Google sont Pseudonymisées


For more information on this article, please consult this link:

https://lnkd.in/e6KQphdN


For more information on the latest news, subscribe to our newsletter by contacting us at contact (at) pharmarketing.net

GDPR Google Analytics


GDPR Google Analytics Can be Used if a Proxy Server is correctly Set up, @CNIL says, so that the information sent to Google is Pseudonymised.


For more information on this article, please consult this link:

https://lnkd.in/e6KQphdN


For more information on the latest news, subscribe to our newsletter by contacting us at contact (at) pharmarketing.net

European Commission ’s MDCG


European Commission ’s MDCG clarifies IVDR requirements for using medical tests in clinical trials 

https://lnkd.in/eqT2tw-7  Medical Device Coordination Group


GDPR 8 and 9 June: 1st Regulatory Dialogue EU


GDPR 8 and 9 June: 1st Regulatory Dialogue EU - Western Balkans on Information Society and Media - "The need to prioritise … Free Flow of Data was highlighted" 


A core objective of the European Union’s engagement with the Western Balkans is to prepare them to meet all the requirements of membership. 

During the first day of the Dialogue, discussions focused on the European Electronic Communications Code, the Broadband Cost Reduction Directive, and developments in 5G, The EU Cybersecurity Act, the Network and Information Society Directive and the 5G toolbox. On the second day, panelists had an interactive session on the Digital Services Act and Digital Market Act, the Data Governance and Data Act and on European digital identity.


For more information on this article, please consult this link:

https://lnkd.in/e3j8Eqda


For more information on the latest news, subscribe to our newsletter by contacting us at contact (at) pharmarketing.net

EU Data Governance Act Published in Official Journal - 16 May 2022


16 May 2022: EU Data Governance Act Published in Official Journal.


After the European Parliament, the Council today approved a new law to promote the availability of data and build a trustworthy environment.


The Data Governance Act will create a mechanism to enable the safe reuse of certain categories of public-sector data that are subject to the rights of others.


The DGA creates safeguards for public-sector data, data intermediation services and data altruism organisations against unlawful international transfer of or governmental access to non-personal data. For personal data, the EU already has similar safeguards under the GDPR.

The Commission may also adopt model contractual clauses to support public-sector bodies and re-users in the case of transfers of non-personal data covered by the DGA to third countries.


Read more in the next FREE PharMarketing GDPR Life Sciences monthly #Newsletter.


For more information on the latest news, subscribe to our newsletter by contacting us at contact (at) pharmarketing.net

PharMarketing GDPR Life Sciences to give an Online training at Fleming Conferences - 12 - 14 April 2021

Subject of the training: "Data Privacy & Data Integrity in Clinical Trials"

Dates and times: 12 - 14 April 2021 8:30 – 12:30 CEST (Central European Summer Time)

See agenda and register to the training here.

More information: contact (at) pharmarketing.net


PharMarketing GDPR Life Sciences signs its first client in Africa!

PharMarketing GDPR Life Sciences signs its first client in Africa!

PharMarketing GDPR Life Sciences, member of France Biotech and of the UK BIA, a consulting firm specializing in RGPD and GxP compliance, has just signed its first client in Africa: it is CRO Tecro Research, specialized in biometrics for medical research (http: / /tecro-research.com/), based in South Africa.
Tecro was created in 2016 and has around ten employees with experience in clinical data management and biostatistics. As Tecro started to manage clinical databases for trials recruiting in Europe, the CRO had to comply with the GDPR and have a legal representative in the EU and in the UK. These are the services that PharMarketing will deliver for Tecro in a few days deadline.

After Europe, America and Asia, PharMarketing now has clients based in 4 continents.

More information: contact (at) pharmarketing.net

PharMarketing GDPR Life Sciences signe son premier client en Afrique ! 

PharMarketing GDPR Life Sciences, membre de France Biotech et cabinet de conseil spécialisé en conformité RGPD et GxP, vient de signer son premier client en Afrique : il s’agit de la CRO Tecro Research , spécialisée en biométrie pour la recherche médicale (http://tecro-research.com/). , basée en Afrique du Sud. 
Tecro a été créée en 2016 et a une dizaine d’employés expérimentés en data management clinique et en biostatistiques. Tecro gérant des bases de données cliniques pour des essais recrutant en Europe, la CRO devait se mettre en conformité au RGPD et avoir un représentant légal en UE et en UK. C’est la mission que PharMarketing assurera pour Tecro en quelques jours. 

Après l'Europe, l'Amérique et l'Asie, PharMarketing a maintenant des clients basés dans 4 continents.
Plus d’informations : contact (at ) pharmarketing.net


The Dec20 / Jan21 Free Newsletter @PharMarketing GDPR Life Sciences will be issued shortly! 

All the lastest news on the post Brexit transition period and International Transfers.

To receive it, contact us at contact(at)pharmarketing.net
MabDesign the French Immunotherapy Network publishes an announcement on PharMarketing

19 May 2020 - MabDesign is the French network of biotechs dedicated to oncology and Car-T. Today, MabDesign published an announcement of PharMarketing, a member of this network.

Read more on MabDesign here.
Bundesinstitut für Arzneimittel und Medizinprodukte (BfArM) publishes guidelines for Digital Health applications

7 May 2020 - Following the Digital Care Act (DVG) and Digital Health Applications Ordinance (DiGAV) of Dec 2019, the Bundesinstitut für Arzneimittel und Medizinprodukte (BfArM) published today guidelines for #DigitalHealth applications. The BfArM procedure is designed as a "Fast Track": The evaluation time for the BfArM is three months after receipt of the complete application.  
A DiGA is a medical device that has the properties described ion the BfArM website.
Digital health applications ( DiGA ) open up a wide range of possibilities to support in the detection and treatment of diseases and on the way to a self-determined healthy lifestyle. DiGA are thus "digital helpers" in the hands of the patient.

With its guide, the BfArM provides a summary of the regulations that can be found at various points in SGB V, in the DiGAV and in the annexes to the DiGAV. Applications for inclusion in the directory are made exclusively electronically via an application portal.
73 million patients can be prescribed DiGA care and will be reimbursed. read more

read more on BfArM page here.

To keep abreast of all news, subscribe to our GDPR Life Sciences free Newsletter write to contact (at) pharmarketing.net
Coronavirus: European Commission issues guidance to mitigate Clinical Trials disruption in the EU

28 April 2020 - Coronavirus: European Commission issues guidance to mitigate #clinicaltrials disruption in the EU: 

3 key points: 
1) Distribution of medicines to patients, 
2) Remote source data verification (SDV), 
3) Communication to authorities (on patient safety).

Download guidance here.

To receive our GDPR Life Sciences free Newsletter write to contact (at) pharmarketing.net
EDPB response to the US on the transfer of personal data for Scientific Research to combat COVID-19

24 April 2020 - Mark W. Libby Chargé d’Affaires, a.i United States Mission to the European Union, had asked the EDP aon the transfer of personal data for the purpose of scientific research and the development of vaccines and treatments to combat COVID-19.
The EDPB replied that Guidelines 03/2020, in particular Section 7 on international data transfers provide the framework for such transfers.
The EDPB tackled this topic in detail in its recently adopted guidelines (03/2020) on the processing of health data for scientific research. In its letter, the EDPB reiterates that the GDPR allows for collaboration between EEA and non-EEA scientists in the search for vaccines and treatments against COVID-19, while simultaneously protecting fundamental data protection rights in the EEA. 

When data are transferred outside of the EEA, solutions that guarantee the continuous protection of data subjects’ fundamental rights, such as adequacy decisions or appropriate safeguards (included in Article 46 GDPR) should be favoured, according to the EDPB. 
However, the EDPB considers that the fight against COVID-19 has been recognised by the EU and Member States as an important public interest, as it has caused an exceptional sanitary crisis of an unprecedented nature and scale. This may require urgent action in the field of scientific research, necessitating transfers of personal data to third countries or international organisations. 
In the absence of an adequacy decision or appropriate safeguards, public authorities and private entities may also rely upon derogations included in Article 49 GDPR

Access article here.

To receive our GDPR Life Sciences free Newsletter write to contact (at) pharmarketing.net




French Magazine Pharmaceutiques publicised the nomination of the Founder of PharMarketing as President of French Medical Professionals Association AMMIS (ammis.assoconnect.com). Published in the issue N°276 of April 2020.


More information on AMMIS:

https://ammis.assoconnect.com/page/295108-prochaines-reunions


http://www.pharmaceutiques.com/
PharMarketing GDPR Life Sciences  to be part of #PartneringAgainstCOVID19

23 April 2020 - PharMarketing GDPR Life Sciences is proud to help with #Compliance, #GDPR and EU #Legal representation in #clinicaltrials and in #COVID19 projects. We are glad to be part of #PartneringAgainstCOVID19 to discuss new projects and pipelines in this field. We hope we meet you there. For immediate assistance, please contact us at contact(at)pharmarketing.net or via our website https://login.inova-event.com/inova-business-platform/webclient/#/bio

To receive our GDPR Life Sciences free Newsletter write to contact (at) pharmarketing.net
EMA published notice on Validation and Qualification of Computer System used in Clinical Trials

17 April 2020 - Given recent inspection findings and the implications they have had on the integrity, reliability, robustness and acceptability of data in the context of MAAs, the GCP Inspectors Working Group (IWG) in cooperation with the Committee for Medicinal Products for Human Use (CHMP) sees the need to emphasize requirements for sponsors/vendors providing computerised systems or services as well as for the qualification and validation of computerised systems used to manage clinical trial data.
Findings:

  •     Lack of documentation (or access to documentation) of qualification activities
  •     Insufficient contractual arrangements

Conclusion of EMA: If appropriate contracts cannot be put in place, e.g. because a vendor does not allow provision of adequate measures as listed above (access to system requirements specifications, prequalification audits, access for GCP inspectors, etc.) and set out in Q&A # 8, systems from such a vendor shall not be used in clinical trials.


To receive our GDPR Life Sciences free Newsletter write to contact (at) pharmarketing.net
The French CNIL publishes New HR Guidance Document - Organisations will need to do a Gap Analysis between their HR processes and these Guidelines and re-certify to the CNIL

15 April 2020 - CNIL, the French Data Protection Authority, issued its new HR guidance document.
It replaces the NS46 'Simplified Norm' (or 'Norme Simplifiée), which was not valid anymore since GDPR came into force on May 2018 anyway.
Let's remind that all authorisation procedures from the CNIL from before May 2018 are valid only for 3 years after an organisation sent a compliance declaration to the CNIL.
If the business process is still the same (e.g.employee appraisals, payroll software, electronic badges system, , etc.), then it's ok.
But it is very rare that an organisation will keep the business processes exactly the same for more than 3 years.
In that case, organisations need to document in their GDPR documentations the changes incurred sinces they made the compliance declaration to the CNIL, or , if the CNIL issued a new guidance document (for example for the vigilances), the organisation should again send a compliance declaration to the CNIL.

Feel free to contact us for more details via contact(at)pharmarketing.net, as we are regularly in touch with the lawyers of the French Data Protection Authority.
 
Key takeaways from the new HR Guidance document:
The new Guidance document applies to both public (= Government owned) and private organisations.
It doesn't include specific processes that are already subject to specific rules and guidances such as:
  •     Access control to work premises with biometry systems,
  •     Whistle blowers inside professional work,
  •     CCTV,
  •     Listening and recording of phone calls,
  •     Algorithms to predict the behavior or productivity of employees,
  •     Invasive processes,
  •     Processes using innovative new technologies.

Compared to NS46, the perimeter is larger, because it includes also payroll and key recruitment processes. The new document details the legal basis that can be used for the different processings. It provides also more information to understand when a DPIA should be drafted for a given HR process.


To receive our GDPR Life Sciences free Newsletter write to contact (at) pharmarketing.net
Greece: 5000 Euros fine on Speech Therapy Center for Not Complying with Parents' access to Minor Child Information

20 March 2020 - The Greek DPA imposed a fine of 5000 Euros on Toyfas, a Speech therapy Center for children ((Κέντρο Λογοθεραπείας) because 
  1. did not satisfy it parental right of access exercising the parental care in the data of the minor of his child and
  2. did not comply with relevant recommendation of the Authority. Specifically, the Center did not grant the father who had parental responsibility upon request laccess to the last sessions speech therapy to which his minor child was subjected.
The father also wanted to have access to tax documents where the child's name was mentioned.
The denial of the Center was due, in particular, to the lack of consent of the mother, but then the Greek DPA stated that the Center should satisfy the right of the father, but the Center continued to refuse.
The Authority ruled out that it did not exist a valid reason for restricting the right of the father to access the requested information.

To receive our GDPR Life Sciences free Newsletter write to contact (at) pharmarketing.net
NHS Coronavirus App: UK memo to Give Ministers Possibility to 'De-Anonymise' Users

3 April 2020 - Article by David Pegg and Paul Lewis, The Guardian - A draft government memo explaining how the NHS contact-tracing app could stem the spread of the coronavirus said ministers might be given the ability to order “de-anonymisation” to identify people from their smartphones, the Guardian can reveal. Produced in March, the memo explained how an NHS app could work, using Bluetooth LE, a standard feature that runs constantly and automatically on all mobile devices, to take “soundings” from other nearby phones through the day. People who have been in sustained proximity with someone who may have Covid-19 could then be warned and advised to self–isolate, without revealing the identity of the infected individual.
At the time when we write these lines, the ICO did not issue a statement on that.

To receive our GDPR Life Sciences free Newsletter write to contact (at) pharmarketing.net
Coronavirus: Norway Health Ministry develops Mobile Phone Tracking System

27 March 2020 - New tracking app to prevent coronary infectionIn the Cabinet of Ministers today, a regulation was adopted which opens up the possibility of establishing an automated tracking system based on mobile phone tracking and downloaded application (app). It is the Public Health Institute, in collaboration with other players, that is developing the app that can help reduce the time spent on infection detection.- The app can be a useful tool for saving lives, but it is important that there is full transparency about what data is collected and what they are used for, says Bjørn Erik Thon, Director of the Data Inspectorate.
The measure involves automated tracking of persons with whom infected persons have been in close contact. In an article from the Norwegian Institute of Public Health, it is pointed out that the measure could replace large parts of the manual work that takes a lot of capacity and make it possible to alleviate broad societal restrictions at an earlier stage.
It should be voluntary for the individual to download the app ==> consent
- Before the app is downloaded, users must have clear and complete information about what information is collected, what purpose the data will be used for and storage time. They also need to be informed about the possibility and consequences of withdrawing the consent, says Thon.
We have here sensitive data collected (geolocation, healthcare data)
Question: Will this Geocation System be complementary to the one from the EU Commission, or will it in addition?
Read more (in Norwegian)

To receive our GDPR Life Sciences free Newsletter write to contact (at) pharmarketing.net
EC to postpone MDR for one year

26 March 2020 - European Commission spokesman Stefan De Keersmaecker said the EC is planning to postpone the #MDR #medicaldevices Regulation for one year.
To receive our GDPR Life Sciences free Newsletter write to contact (at) pharmarketing.net
German Infection Protection Act will reduce Data Privacy Protection, BfDI warns

23 March 2020 - In view of the Corona crisis, the Infection Protection Act should be quickly adapted to the new situation. In the version now approved by the Federal Cabinet, restrictions on the fundamental right to data protection are planned: for example, the news version does not plan the deletion of data that are collected from travelers; also, the text doesn't include rules and safeguards for collecting data from mobile devices.
To receive the Newsletter write to contact@pharmarketing.net
French Pharma Laboratoires Genevrier wants to access Identifiable Patient Data from Pegase Study; Paris Court to decide on 5 March

25 February 2020 - In 2008, French Healthcare Authority HAS evaluated the Chondrosulf,as not enough beneficial to patients. Chondrosulf, one of the key drugs sold by Laboratoires Genevrier., targets symptomatic slow-acting anti-arthritis.  The HAS asked Genevrier and other pharma companies producing similar drugs to conduct an observational study to further confirm the benefits of the drug. This study was conducted by CRO Laser in 2010. Following that study, the HAS decided not to pay anymore for the Chondrosulf and similar drugs. 8 drugs are affected by the opinion of the Transparency Commission, see here. Genevrier then asked Laser to provide the identifiable patient data from the Pegase study, which Laser refused to do. In 2019, Paris Commercial Court decided in favor of Genevrier, a decision Laser appealed.The final decision of the Court is expected on 5 March 2020.This will be a key decision in the light of GDPR and GCP, and patient privacy in general.
Read article (in French)
PharMarketing sponsors the AMMIS RWE Conference - Paris, France - 17 March 2020

The AMMIS (Association des Métiers Médicaux des Industries de Santé) is the only independent French professional association dedicated to Drug Development, Medical Affairs, and more generally to professionals working in Pharma, Medical Devices, Nutrition, Diagnostics,...
AMMIS is the only professional association of its kind to be recognized by the LEEM, the French Professional Body representing the Pharmaceutical Industry
It doesn't target only physicians or pharmacists.
Everybody is welcome: PhDs, Engineers, Masters in Biology, Lawyers, etc.
The AMMIS was launched one year ago, and now has 120 members.

After the success of the first RWE (Real World Evidence) seminar in June with 60 participants, by popular demand the AMMIS organises a follow up on 17 March 2020 with the following speakers:

  •    Stephanie Combes, Director of the 'Health Data Hub' program, French Ministry of Health
  •    Peggy Baudoin, Scientific Project Director, CEA,
  •    Muriel Licour, Europe Director Epidémiology, Real World Evidence, AstraZeneca
  •    Hervé Maisonneuve, Whistleblower
  •    David Perol, Clinical research and Innovation Director, Centre Léon Bérard (Unicancer)
The seminar will take place at Unicancer facilities in Kremlin-Bicetre near Paris.
We expect 60 participants from academic organisations, CROs and sponsors.
Register now to this event to secure your seat! Conference pass is 70 Euros and gives access to all activities of AMMIS in 2020.

Sponsors welcome.

https://ammis.assoconnect.com/page/295108-prochaines-reunions
Artificial Intelligence should not be a Black Box says the German Data Protection Authority

24 September 2019 - Ulrich Kelber, The Federal Commissioner for Data Protection and Freedom of Information, said on 24 September 2019 at the Symposium of the BfDI:

    "we are (quite often) here in front of a black box. The goal of AI must be not only innovative, but also transparent and fair. Data protection makes an important contribution to this."

The Conference of Independent Data Protection Supervisors of the Federation and the Länder ( DSK ) presented the adopted Hambach Declaration on Artificial Intelligence (Hambacher Erklärung zur Künstlichen Intelligenz).
Extracts from this declaration made in April 2019:

    "Not everything that is technically possible and economically desirable may be used in to be implemented in reality. This is especially true for the use of self-learning systems that process mass data
    Essential conditions for the use of AI are to be specified by the legislator and by the Supervising authorities.
    A generally accepted definition of the term artificial intelligence doesn't exists yet
    AI can serve the well-being of the patients in the hands of doctors. In the wrong hands, however, it can also be abused.
    Learning systems are highly dependent on the data entered. Inadequate data bases and conceptions can lead to results that act as discrimination. "

The Hambach declaration sets out 7 key principles:
1. AI must not make people an object
2. AI may only be used for constitutionally legitimized purposes and should comply with the purpose of the process
3. AI must be transparent, comprehensible and explainable
4. AI must avoid discrimination
5. For AI also, the principle of data minimization applies
6. AI needs accountability
7. AI requires technical and organizational standards

The group of the 16 German Data Protection Authorities doesn't propose a solution yet, but provides clear recommendations.
Our opinion is that life science companies and healthcare providers should take into account these guidelines, and also these of the ICO, the UK Data Protection Body.


For more details on this , contact us at contact@pharmarketing.netNouveau paragraphe
Google wins Case against French Regulator on Right to be Forgotten

         






24 September 2019 - Google wins a case against the French regulator, the CNIL on the right to be forgotten, said the Court of Justice of the European Union.

The EU's top court has ruled that Google does not have to apply the right to be forgotten globally. It means the firm only needs to remove links from its search results in Europe - and not elsewhere - after receiving an appropriate request.

In our opinion, it sort of creates a ‘9th right’ for EU citizens: your personal contact details remain in Google’s databases, but just people in the EU can’t see search results.


Read press release from EU Court of Justice.
Swiss National Council to examin Project of Law for Data Protection - with potentially Lower Protection for Citizens

         30 August 2019: 2 years after the Federal Council submitted a recommendation to revise entirely the Swiss Law for Data Protection, it has been agreed to submit this project to the National Council. the opinion of the Swiss Data Protection Authority, the EDOEB (or PFPDT in French) is that the new text guarantees a level of protection that is less than the EU GDPR, and less than the existing Swiss privacy Law (Data Protection Act of 1992). There will be a public debate on 24 and 25 September.


Read full article in English.  French, German, Italian
Netherlands puts 90 million euros on the table to avoid Healthcare Professionals retyping data every time - Improves Data Quality and Reduces Risks to Data Subjects' Privacy

4 September 2019 - Many caregivers experience a high workload due to unnecessary rules or complicated data exchange.

 A (transfer) nurse, for example, who has to retype data several times for one elderly patient in order to transfer him or her from hospital to district nursing. 

A district nurse who is not aware of the admission to the hospital so that he is unnecessarily in front of a closed door. 

Or the patient who after a hip operation has to tell his story time and again to different care providers. This can be improved with good digital data exchange. 

The InZicht subsidy scheme is there to stimulate digital data exchange in healthcare.


Avoiding retyping:

- helps HC professionals concentrate on what they do best: provide care to patients

- avoids human errors when retyping, which can lead to diagnostic errors, or drug dispensing errors

- improves data quality, hence data privacy


 Read article (in Dutch)
Spain wanted to exempt not-for-profit associations from conducting a DPIA!

9 July 2019 - The European Data Protection Board (EDPB)  reveals that the the AEPD, the Spanish Data Protection Authority wanted to exempt not-for-profit associations from doing a DPIA.


: EDPB says it can only be the case for the personal data from members and donors. 


Imagine that a scientific association could launch a new clinical study without analysing the risks? ? This is clearly not possible within GDPR! 


Read opinion from EDPB on Spanish list
Even if a personal data processing is exempted from DPIA, Controllers should still guarantee the security of it (EDPB, July 2019)

9 July 2019 - In its comments to the French Data Protection Agency (DPA) list for processings which are exempted from doing a Data Privacy Impact Assessment (DPIA) , the European Data Protection Board (EDPB)  restated clearly the following:


Even if a type of processing is exempted from  DPIA by a local DPA, the Controller should still guarantee the security of the processing, as per Article 32 EU GDPR.


For example, the French CNIL put on the exemption list the payroll processing in the case of small companies.


Controllers should still make sure they maintain their best scrutiny on the security of the payroll process, as far as the privacy of employees are concerned.


For example, a small company should NOT send the payroll elements by email to its accountant unless the email process is  encrypted.


Read opinion from EDPB on French list
EDPB-EDPS Joint Opinion on the processing of patients’ data and the role of the European Commission within the eHealth Digital Service Infrastructure (eHDSI)

9 July 2019 - The eHealth Network is a voluntary network of responsible authorities for eHealth designated by Member States. The network is provided in Article 14 of Directive 2011/24/EU on patients’ rights in cross border healthcare. Among
others, one of the main objectives of the eHealth network is to enhance interoperability between
national digital health systems in exchanging patients’ data contained in ePrescriptions, Patient Summaries and electronic health records. In this framework, and in order to facilitate such interoperability, the eHealth network and the Commission have developed an IT tool, namely the eHealth Digital Service Infrastructure (hereinafter eHDSI).

On 13 May 2019, the European Commission (Directorate-General for Health and Food Safety, “SANTE” ) submitted a request to the European Data Protection Board (hereinafter EDPB ) and to the European Data Protection Supervisor (hereinafter EDPS ) for a joint opinion in accordance with article 42 (2 ) of Regulation 2018/1725, on the data protection aspects of the draft Implementing Decision. There were 3 topics:
  • Is the encrypted connection a processing of personal data? the EDPB and the EDPS answer: yes
  • Processing of personal data of personnel from National Contact Points for eHealth
  • Processing of personal data of patients for the purpose of their exchange from one Member State to another.
The EDPB and the EDPS say that the Member States are joint controllers.
They add that the the answer to point 1 is yes.
Regarding the 2 last points, they could be considered as separate, since their purposes are clearly different. This may potentially lead to a different allocation of responsibilities among the actors involved.

Is the Commission a Processor? EDPB and EPS state that the Commission is involved in some of the procedures regarding the development of technical and organisational solutions, as well as the systems’ security elements, it does not have decisionmaking power in terms of defining the purpose or the essential means related to this processing operation., so the Commission is a Processor.

Share by: