Finishing time:2016/3/4 11:58:05 Announcer:TRISEARCHER
After four long and tiring years of negotiations, the European institutions announced on the 15th December 2015 that they had reached a political agreement on the shape and the content of the future data protection framework.
Since the summer, top level officials in delegations and conferences were singing in unison that this legislation would be agreed before the end of the Year.
This has been a piece of legislation which has been keeping the entire industry interested, the European Union’s existing data protection framework is amongst the toughest in the world and has inspired regulators across the world to adopt it both out of commercial necessity but also to respond to the growing citizen interest and concern.
Research benefits from preferential treatment in the new law
EFAMRO and ESOMAR have worked tirelessly and these efforts have paid off. European regulators finally adopted a framework
So the good news is that research conducted within the scope of the ESOMAR code will benefit from additional exceptions from the general data protection rules, provided we hold steadfast to the key principles enshrined in all our Codes such as pseudonymisation, Essentially, if you conduct research, Europe has put the necessary enabling framework and even has acknowledged the legitimacy of conducting next-gen big data research involving the combination and re-use of data sourced from multiple sources. We’ll go into much more detail about this in our upcoming webinars.
European citizens get a whole set of new rights
From the market perspective, social research agencies and research clients alike will need to cater for. Ranging from a right to be forgotten, a right to object to profiling activities, a strengthened right to prior notification before data collection, a right to data portability, European citizens now have – more than ever – a right to know beforehand. These requirements will need to be incorporated into business practices if they are not already.
Another important development focuses on profiling, one of the most hotly contested points in the reform.
Another aspect which is important to outline here is that data breach notification requirements are set to become much tougher. In the event of a data breach, companies are required to report within 72 hours of having identified the breach to the authorities who will then take a decision of the extent to which public disclosure will be required.
All companies collecting European citizens’ data regardless whether they are based in Europe or outside will have to comply to this legislation.
That means if you’re based outside the EU, for example in India or in Latin America, if you collect data on French respondents, you will be required to comply with this legislation.
This legislation is directly enforceable, starting in 2018, in all 28 EU Member States and the same law will be in effect in all countries. One caveat is research, where Member States will be given the choice on whether they wish to offer additional preferential treatment on top of what is foreseen for all. This will be a source of additional work for national associations, EFAMRO, and ESOMAR to try and secure an even more permissive environment for research across all countries.
The new law will do away with burdensome prior registration requirements This, in turn, will make it much easier to establish new data related projects across the Union.
Therefore, the European General Data Protection Regulation (GDPR) is set to become a central part of our business’ lives within a few years of time. The legislation should come into force sometime in 2018.
What happens next in the process is fairly simple: the finalized text will be put up for vote in the European Union’s Parliament and Council of Ministers. If all goes well, and it is expected to, the law should be voted on and adopted by the second quarter of 2016.
We will then all have a lot of work to do, to adapt our processes to comply with the GDPR by the time it comes into force.
In general, the advocacy work of EFAMRO and ESOMAR has paid off and once again, the value of our self-regulation has been reaffirmed As one process closes, another begins, and we will be right there along with you as you start your new compliance journey.
