See the latest News from other Associations - click here
1 August 2016: European Commission adopts the EU – US Privacy Shield
From August 1, 2016, US companies will be able to certify their compliance with the new EU- US Privacy Shield agreement.
The EU - US Privacy Shield is designed to protect the privacy rights of citizens of the European Economic Area (EEA) when their personal data is transferred to the USA. This new framework is the replacement for the invalidated Safe Harbor Framework. The Privacy Shield places stronger obligations on US organisations to protect the personal data of EEA citizens. It requires greater transparency about transfers of personal data to the US and it offers more accessible redress options in case of complaints.
More details here - pdf
July 2016: GDPR Update: more details here
The General Data Protection Regulation (GDPR) has now been agreed by the European Council, Parliament and Commission. The final text was published in Official Journal on 24 May 2016 and came into force on the 24th of May 2016, which means it will apply from 25 May 2018 - giving us a two year window to prepare. The GDPR updates and replaces the current data protection rules based on the 1995 Data Protection Directive.
The Regulation will establish a single, pan-European law for data protection meaning that organisations deal with one law, not many laws. However there will be some country variations as Member States still have discretion on specific provisions. Over 50 articles have been left to member states to implement in their own national law - including provisions governing the processing of personal data for research purposes.
The new rules mean we must build in data protection by design and by default, carry out privacy impact assessments for riskier or larger scale projects, and implement privacy-friendly techniques such as pseudonimysation, data minimisation and encryption. They are designed to be future-proof, technologically neutral, fit for innovation and big data analytics.
May 2016: The EU General Data Protection Regulation (GDPR) has been approved by the European Parliament
The GDPR updates and replaces the current data protection rules based on the 1995 Data Protection Directive. The final stage of the legislative process will be publication of the GDPR in the official journal, which is expected by June this year. Based on publication by June of this year, it will come into force in mid-2018, so members will have approximately two years to prepare.
The Regulation will establish a single, pan-European law for data protection meaning that organisations deal with one law, not 28. However there will be some country variations as Member States still have discretion on specific provisions. The new rules encourage privacy-friendly techniques such as pseudonimysation, anonymisation, encryption and data protection by design and by default, they are designed to be future-proof: technologically neutral and fit for innovation and big data analytics.
The GDPR will also mean that any company - regardless of whether it is established in the EU or not - will have to apply EU data protection law if they wish to offer their services in the EU.
EphMRA is currently working on providing you with more detailed guidance on the implications of the GDPR and will be in touch again soon.
May 2016: The EU-US Privacy Shield – Replacement for the Safe Harbor Agreement
European data regulators (the Article 29 Working Party) have recently reviewed and have expressed concerns about the EU-US 'Privacy Shield' (the successor to the now invalid Safe Harbour Agreement) which is designed to cover the transfer of data between the EU and the USA. The regulators said the latest version needs further amendments and clarification.
The European Commission has indicated that they are hoping to seek approval for the Privacy Shield in May with adoption in June 2016. When we have further news, we will be in touch again.
March 2016: Country Differences Grid - a handy guide showing the country differences in the Code - brought together for easy reference. Available via Members Login.
February 2016: Transfers of Personal Data to the USA – Latest update following the Safe Harbor Decision
- The new EU-US Privacy Shield framework includes:
- stronger obligations on companies in the US to protect the personal data of Europeans
- stronger monitoring and enforcement by the US Department of Commerce and Federal Trade Commission (FTC), including through increased cooperation with European data protection authorities.
- commitments by the US to limit public authorities' access of personal data, preventing generalised access.
- Europeans will also have the possibility to raise any enquiry or complaint in this context with a dedicated new Ombudsperson.
New EU Data Protection Regulation - November 2015 Update
March 2015 - EFPIA Disclosure Code requirements - overview by country - available to members only (via log in - Ethics)
January 2015: Disclosure requirements Update
In 2014 the EFPIA introduced a Disclosure Code, to increase transparency with regard to interactions between the pharmaceutical industry and the healthcare profession. For market research (MR) this means that disclosure of MR payments to HCPs is required when pharmaceutical companies are aware of the identities of those participating in MR it has commissioned and MR-related payments (incentives and expenses) have been made to HCPs. If the HCP’s identity is not known to the pharmaceutical company disclosure is not required.
More details from EphMRA here
Information from EFPIA - via members log in - Ethics - January 2015
EFPIA Code on Disclosure of Transfers of Value from Pharmaceutical Companies to Healthcare Professionals and Healthcare Organisations. (EFPIA HCP/HCO DISCLOSURE CODE)
Frequently asked Questions - FAQ - available to members via log in
It is understood that unless there is a strong legal mandatory requirement, no deviations from the EFPIA HCP/HCP Disclosure Code should be envisaged by the Member Associations, which were required to transpose the Code in full by 31 December 2013.
These FAQs provides clarification and interpretation of the EFPIA Code provisions. They are provided as guidance and in addition relevant national association codes and related guidance have to be considered.