News

Will the Digital Omnibus Actually Pass? A Quick Reality Check

Read More

International Panorama of Health Data Transfers

Read More

Artificial Intelligence (AI) in Scientific Research: key takeaways from the European Commission’s 2025 report

On 8 October 2025, the European Commission’s Joint Research Centre (JRC) published its report “The Role of Artificial Intelligence in Scientific Research” (AI in Science Report), which provides a foundation for future European policy on AI in science and aims to help build a trustworthy, responsible, and transparent use of AI in research. Key legal and ethical considerations: The JRC highlights several main issues that life science organisations must consider when using AI. 👉 Official r...
Read More

Three Landmark Data Protection Updates in September 2025

September 2025 has been a landmark month for data protection, with 3 major developments in just three days: 3 September: The General Court upheld the EU–US Data Privacy Framework (DPF) in the Latombe case, securing legal certainty for transatlantic data flows. 4 September: The CJEU issued its EDPS vs SRB ruling, clarified the definition of ‘personal data’ and how to interpret the concept of ‘pseudonymisation’.. 5 September: The European Commission published a draft adequacy decision fo...
Read More

Data Privacy as a Growth Strategy 🚀 The DPO Effect

Appointing a Data Protection Officer (DPO) is often viewed primarily as a regulatory requirement, particularly under frameworks like the General Data Protection Regulation (GDPR). While the regulation outlines clear criteria for when and how a DPO must be appointed, the true value of this role goes well beyond compliance. In reality, having a DPO can deliver significant economic benefits—both direct and indirect, hard and soft—positioning data protection not just as a legal necessity, but as...
Read More

12 months on: the countdown for adapting to Brazil’s International Data Transfer Regulation

In August 2024, Brazil’s National Data Protection Authority (ANPD) published Resolution CD/ANPD no. 19/2024 (known as the ‘International Data Transfer Regulation’), marking an important milestone. Last year, for the first time, companies were given a clear framework on how to handle international data transfers under the LGPD, Brazil’s data protection law. 🔐 In addition to the Regulation, the ANPD also released Brazil’s own set of Standard Contractual Clauses (in short, ‘SCCs’),...
Read More

The Data (Use and Access) Act 2025: key changes relevant to scientific research

On June 19, 2025, the Data (Use and Access) Bill received Royal Assent and became law (the Act). This Act introduces significant reforms to the UK’s data protection framework, with specific relevance for research organisations that process personal data. Below, we summarise the Act’s most relevant changes for scientific research and explain what each one means in practice for research organisations. 🔹 A statutory definition of scientific research (section 67) What is new? The Act broadens...
Read More

EU provisional agreement on cross-border GDPR enforcement reform

The Council of the EU and the European Parliament have reached a provisional agreement to strengthen the enforcement of cross-border cases. This reform addresses long-standing inefficiencies in handling complaints and aims to make the process faster, more transparent, and more effective for individuals. 💡 Key highlights: 🔹 Admissibility: All data protection authorities (DPAs) will assess complaints using harmonized criteria, avoiding inconsistent decisions between Member States. 🔹 Right...
Read More

Why Data Breach Awareness Training Is Critical for Clinical Trial Teams

May 15th, 2025 In an era of increasing digitalization in healthcare and clinical research, the risk of personal data exposure has become a central concern for sponsors, CROs, and sites alike. A data breach — defined under the EU’s General Data Protection Regulation (GDPR) as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data — is not only a regulatory issue but a reputational and operational one....
Read More

Clinical Trials in Spain: Is the AEPD Challenging the GDPR Code of Conduct?

Role qualification and Clinical Trials in Spain: Does the new AEPD decision undermine the legitimacy of the first European Data Protection Code of Conduct on Clinical Research? Spain’s complex regulatory landscape Sponsors trying to perform clinical trials in Spain have traditionally dealt with a complex regulatory landscape, partly due to the decentralization of competences on health to the different regions and the variety of authorities involved. From a data protection perspective, one of t...
Read More

The EDPB’s Opinion on AI & GDPR – Are You Compliant?

Last December, the European Data Protection Board (the “EDPB”) released their highly-anticipated opinion on AI models and GDPR compliance. Opinion 28/2024 on certain Data Protection aspects related to the processing of personal data in the context of AI models (the “Opinion”). Unfortunately, the Opinion did not meet stakeholders’ expectations. Rather than providing direct guidance, it requires a case-by-case analysis of the GDPR’s applicability; notably focusing on accountability and...
Read More

New EDPB Study on Secondary Use of Personal Data in the Context of Scientific Research

Read More

The European Health Data Space (EHDS) Enters into Force: A New Era for Health Data in Europe

As of March 26, 2025, the European Health Data Space (EHDS) Regulation has officially entered into force. This is the first EU-wide data space dedicated to a specific sector, launched under the European Data Strategy. It aims to revolutionize how health data is accessed, shared, and reused across the EU, with full implementation planned by 2034. ⚖️ A Dual-Purpose Framework The EHDS pursues two core objectives: Primary use: to improve patient care by ensuring individuals and healthcare profes...
Read More

Do you know how to frame the transfers of Personal Data under the Swiss Data Protection Legislation?

The Federal Act on Data Protection ‘FADP’ recognizes different transfers mechanisms, including standard contractual clauses approved or recognized by the DPA. However, the Swiss authorities haven’t formally approved a Swiss instrument; instead, the Federal Data Protection and Information Commissioner (‘FDPIC’) allows for the use of the EU Commission’s standard contractual clauses (‘EU SCCs’), provided that they are adapted and/or supplemented as necessary for their application to...
Read More

EDPB fact sheet on how to Respond to a Data Breach: A Business Guide

Data breaches involving individuals’ personal data are a great worry for any organization dealing with sensitive information in today’s era, this is the case with Life Science stakeholders and infrastructures. Even when security is strong, breaches cannot be avoided; therefore, responding appropriately is more important than ever. The European Data Protection Board (EDPB) provides precise guidelines on personal data breach notifications under the General Data Protection Regulation (GDPR). Fo...
Read More

The European Health Data Space (EHDS): Revolutionizing Health Data Use in Europe

Read More

FDPIC Guidelines on ‘Cookies & Similar Technologies’ and ‘Data Breach Report’

Read More

Mastering Transfer Impact Assessments: Key Insights from CNIL’s Final Guidelines

Read More

Understanding NIS 2 & its Implications for the Healthcare Sector

Read More

An insight into the most recent Privacy Developments in Brazil

Read More

European Health Data Space (EHDS): A Pivotal Step in Digital Health

Read More

New Data Protection Law in Chile: What You Need to Know to Stay Compliant?

Read More

EDPB Opinion 28/2024 on AI: the 3 Main Questions

Read More

Belgium’s DPA Fines Hospital €200K for Security Oversights

Read More
Powered by MyData-TRUST

Want to subscribe to our newsletter ?

Name(Required)
Privacy(Required)