Europe’s lawmakers have reached an agreement on the General Data Protection Regulation (GDPR), a new law set to take effect in 2018.

The GDPR will replace Europe’s Data Protection Directive of 1995, legislation designed to guarantee European citizens’ right to the pro­tection of their personal data. While well-meaning, the directive could not have anticipated the dramatic growth of the internet over the past 20 years.

To ensure Europe’s data protection regulation is fit for the modern age, GDPR will scrap the patchwork of data protection rules currently across the EU and creates a simplified op­erating environment for businesses. The existing directive left European governments to enact the rules in their own way, resulting in inconsis­tencies from one market to the next. In two years’ time, it’s intended that the GDPR will create a unified data protection environment across all 28 EU member states.

New obligations placed on com­panies that process personal data will include the need for internal com­pliance and training programs for staff, and the maintenance of internal records detailing the data process­ing activities they’re responsible for. Companies whose data processing activities may result in high risks for individuals, such as those handling significant amounts of sensitive data, will first be required to conduct data protection impact assessments. They will also need to appoint data protec­tion officers to monitor compliance and liaise with regulators.

Data breaches will need to be re­ported to the authorities within 72 hours. Violations may lead to fines of up to 4% of global annual turnover.

Critics fret that uncertainty over the impact and costs of the new rules, coupled with the potential for multi-million-dollar fines, may stifle innovation. A more optimistic view is that the new laws will give people confidence to share their data online, allowing digital innovation to flour­ish. Companies can’t avoid the need to spend more on data-protection compliance. But those that move quickly might find that their invest­ment turns into a source of competi­tive advantage.

Written by Guest Writer Pete Chan. Chan is chief innovation advocate of Tudor Reilly Health, a digital communications agency focused on healthcare and the development of new treatments. He is part of a team that uses online tools to accelerate clinical trial recruitment. Pete has over a decade’s experience in the pharmaceutical industry, having joined Tudor Reilly Health after a career as an industry editor and journalist, including as analysis editor of Scrip Intelligence and editor of the annual Scrip 100. Visit tudor-reilly.com

This article was reprinted from Volume 23, Issue 06, of The CenterWatch Monthly, an industry leading publication providing hard-hitting, authoritative business and financial coverage of the clinical research space. The Action Items section features short columns  focusing on actionable or how-to advice from clinical trial professionals. To submit an Action Item, please contact editorial@centerwatch.com. Subscribe >>