Helping you comply with the GDPR / UK Data Protection Act 2018
Latest Data Protection News
European Draft Guidance on Data Controllers and Processors – Update Oct 2020
The European Data Protection Board (EDPB) has recently published draft guidelines which help to provide some clarity on data controller and processor roles: read more here
EU-US Privacy Shield Invalidated
On 16 July 2020 the Court of Justice of the European Union (CJEU) judged the EU-US Privacy Shield to be invalid. EFAMRO have prepared a very useful guide ‘International Data Transfers: The US Privacy Shield’ (July 21 2020), which will help you understand the implications: read more here
Immediate Data Protection Implications of UK’s Exit from the EU
The UK formally left the EU on 31 January 2020 and entered a period known as ‘transition’, scheduled to last until 31 December 2020. During the transition period the GDPR will continue to apply in full in the UK. Consequently, you do not have to do anything differently in 2020. For data to continue to flow freely between the EU and the UK from 2021, the UK must apply for, and the EU needs to issue, an ‘adequacy decision’ this year. If this happens, we would on the whole continue working as we do now in terms of data protection. The BHBIA’s Ethics & Compliance Committee will keep you posted. If you want to know more about the potential consequences of no adequacy decision, keep an eye on this web page.
Data protection law
The GDPR (General Data Protection Regulation) is the legal framework in the European Union (EU); it has been incorporated into the UK Data Protection Act 2018.
The GDPR/DPA 2018 applies to any individual or organisation who is processing the personal data of EU citizens i.e. data controllers and data processors, who are required to demonstrate that they process personal data in compliance with the GDPR/DPA 2018.
Click on the links below to see details of our ready reference guides/updates and download the documents (See 'new' notes for the latest items):
This update aims to explain clearly and simply the circumstances in which an end client needs to be identified to market research participants. Download Update
This supersedes the September update that was previously published. It contains the same information but with the addition of brief details of the latest ICO guidance on special category personal data.
Information about extended data protection guidance that’s available from the UK Information Commissioner’s Office, and
A look at what's on the horizon:
- with Brexit looming large you need to understand the data protection implications;
- EU standard contractual clauses and the US Privacy Shield are being challenged in the European Courts and may be invalidated.
This update keeps you up to date with the latest government and ICO guidance on the implications of Brexit for data protection and market research.
As the UK prepares to leave the EU, this update provides additional guidance on the need to nominate a representative to meet GDPR requirements. Download Guide
An overview of the main principles and requirements of the GDPR. Download Guide
How to take stock of the personal data you process
How to assess the risks inherent in your data processing
How to determine whether you need one, and if so, how to appoint one
An explanation of the legal bases for processing personal data available to us under GDPR. Download Guide
Details the different consents that might be needed during a primary market research project and when these consents must be secured
What you need to do to keep personal data secure throughout its processing life. Download Guide
- EU-US Privacy Shield Invalidated (July 2020)
- Update on naming end clients as data controllers (Oct 2018)
- Impact of naming the end client as data controller - BHBIA member survey findings (Aug 2018)
- Update on naming end clients as data controllers (Jun 2018)
- ICO - new notification fee for data controllers
Materials from recent meetings (available to full BHBIA members only):
- Ethics and Compliance Update - June 2020 - webinar recording and slides
- Ethics and Compliance Update - November 2019 - webinar recording and slides
- The Implications of Brexit for Healthcare Business Intelligence in the UK - 1 March 2019 - webinar recording and slides (the slides have been updated with the latest Brexit timings as of 25 March 2019)
- Compliance Dos and Don’ts when Using Secondary Data for UK Healthcare BI - 25 Jan 2019 - webinar recording and slides
Other GDPR resources to help you:
Updated versions of the forms (from the appendix section of the Legal and Ethical Guidelines) in Word format for ease of use. View details / download pro formas
Our Privacy & Data Protection FAQ resource is a selection of real-life GDPR queries from members and the responses from our Ethics Advisor. It supplements the Legal and Ethical Guidelines and the GDPR Guides on this page, but does not cover all topics, so please check the main resources first. View the FAQ