Newsletter 44 August - September 2022
15 Sept 2022 -
Argentina updates its
Data Protection law towards the
GDPR and Convention 108. The goal is to retain
EU
adequacy to simplify international
Data Transfers. The draft Bill is open for comment until the end of the month of September 2022.
Discover the law and submit comments at: https://www.boletinoficial.gob...
A new EU Regulation has been proposed on September 16th, 2022: the Cyber Resilience Act.
The goal is to increase the security of hardware and software products, and hence reduce the possibility of Personal Data Breaches.
For more information. click here:
- I can transfer any personal data within the EU/EEA :
- The answer is
YES: as all countries in the EU/EEA offer the same level of protection to personal data, personal data can circulate freely within EU/EEA. For example a hospital in Germany can send patient data to a CRO in Croatia. Or an affiliatein Italy can send employee personal data to its headquarter in Norway.
- If I redact all direct identifier from a data set, then the resulting data are fully anonymised and they don't fall under the GDPR anymore:
- The answer is NO , because the EU GDPR and the UK GDPR (i.e. the UK Data Privacy Act 2018) consider that redacted data are still Personal Data. And for this reason, they still fall under the GDPR and you need to protect them and make sure citizens can exercise their rights on such data
- At the opposite, in countries like the US, such redacted data are considered as fully anonymised: in other words, they are not Personal Data anymore, and people can send them anywhere, even if they contain healthcare information about a patient.
For more information on these 2 questions, contact us at contact ( at ) pharmarketing.net