Entry into force of the General Data Protection Regulation: Part 1 – it affects us all!

The new European Union legislation on personal data processing and protection, the General Data Protection Regulation (GDPR), comes into force today, Friday May 25, 2018. This is the most significant EU legal reform on personal data protection for the past 20 years.

You will no doubt have already heard of the GDPR via the media or through your professional network, but what is it really all about? Who is affected?

The GDPR introduces a harmonized framework for personal data protection in all EU countries. It strengthens the rights of European citizens and introduces measures to increase the accountability of companies and other organizations dealing with personal data.

This means that all Institut Pasteur employees are affected: personally, since all employees share their personal data, for example with the Institut Pasteur; and professionally for any staff members whose activities involve handling the personal data of third parties (e.g. HR data and data from patients, research participants, clients, suppliers and donors).

The Institut Pasteur is affected by the GDPR at several levels: as an employer, but also in connection with its research, teaching and public health activities. So it has already begun adapting its internal procedures to ensure that they comply with the new legislation. A working group composed of representatives from several departments (legal affairs, human resources, information systems, technical resources and environment, and medical affairs and public health) has been set up to guide the Institut Pasteur through this process. Given the framework, the GDPR team may contact you to discuss potential measures that need to be taken in connection with your own activities.

If you have any questions about the GDPR and would like to know how it affects you, please contact the team by email at rgpd@pasteur.fr.