Published 17 May 2016
Increased interest in DP filings regarding data processing in the context of disclosure obligations under the EFPIA Code
There seems to be an increased interest in DP filings relating to data processing performed in the context of the obligations of pharmaceutical companies to disclose any Transfers of Value to EU-based individual healthcare providers, for the purposes of compliance with the EFPIA Code, which has also been implemented in Greece. Since a number of questions have been raised in this context, attributed, to an extent, to the interplay between the implemented EFPIA Code and other laws in place setting out relevant disclosure obligations, it is likely that specific guidance will be issued by the HDPA, with a particular focus on adherence to the principle of proportionality.
This should be considered as background information when designing products targeting the pharmaceutical industry.
Need for an update of DP filings following the CJEU Schrems decision
Following the Schrems decision and a public notice by the HDPA, the following position seems to apply, in practice, to existing DP filings regarding notification of data transfers to third countries made on the basis of safe-harbor certificates: (a) any data transfers to non-EU-based data recipients on the basis of safe-harbor certificates are deemed to be unlawful; (b) data controllers who transferred data to non-EU-based data recipients on such basis, and who, following the issuance of said court decision, wish to continue transferring data to non-EU-based entities, shall update their DP filings as soon as possible, upon compliance with the other bases for validity of data transfers provided under the law (primarily Data Transfer Agreements incorporating EU Standard Contractual Clauses); (c) an update of DP filings in place by data controllers is currently in progress (whereby the replacement of the safe-harbor certificate with a copy of a signed Data Transfer Agreement incorporating EU Standard Contractual Clauses should be sufficient); and (d) the HDPA reserves its competence to conduct, at any time, compliance checks in this respect.
Organisations operating in Greece should review their current filings in Greece, particularly where transfers are made on the basis of safe-harbor certificates, to ensure an alternative adequate measure is in place.
Data processing involving the use of cloud systems
The use of a cloud system in the context of data processing relating to a specific processing purpose should be treated autonomously from a data protection law perspective, in the sense that the cloud system and the services rendered thereunder should be described and addressed separately and specifically. Adherence to the principle of proportionality is likely to be critical in any regulatory scrutiny of such arrangements.
Organisations in Greece should bear this in mind in the event of data processing that entails the use of a cloud system.
Submitted by Alkistis Christofilou, Partner and Maria Demirakou, Senior Associate at Rokas Law Firm – Athens, Greece