MUSINGS ABOUT DATA PROTECTION AND LAW IN THE LIFE SCIENCES SECTOR

Long story short: deletion can also be a personal data breach

A hacker accessing personal data or an employee leaving a confidential list with patient data in its shopping cart are very obvious examples of personal data breaches under the GDPR. However, less obtrusive examples of personal data breaches may fly under the radar due to companies not recognizing them as personal data breaches. Last week, a Dutch hospital encountered a less recognizable personal data breach, namely accidental deletion of data. Lessons can be learned from this personal data breach. The Albert Schweitzer hospital has accidentally overwritten (older)…

Keep reading

To (privacy) shield or not to shield.

The EU and US have entered into a preliminary political deal about a new transatlantic data transfer agreement between them, necessary due to the invalidation of the Safe Harbor agreement and Privacy Shield. The legal text for the so-called ‘Trans-Atlantic Data Privacy Framework’ is yet to be published, but Max Schrems (instigator of the Schrems II judgement of the European Court of Justice) appears to be warming up for another round against the replacement of Privacy Shield. He also made some very valid points to temper overeager…

Keep reading

New standard contractual clauses – new roads or old ways?

On June 4th 2021, the European Commission published the final working documents of the new standard contractual clauses (SCC). Since then, the new SCC have been published in the official journal of the European Union. Since the Schrems II decision of the European Court of Justice set stringent criteria for the use of the existing SCC, privacy professionals and businesses alike have eagerly awaited publication of new standard contractual clauses. Now that the new SCC have been published, the question arises: were these standard contractual clauses worth…

Keep reading


About. This blog is written by Cécile van der Heijden, an Amsterdam-based attorney-in-law specialized in EU data protection law and health care in the life sciences sector.

This blog is written with the intent to provide interesting updates about legal developments in the life sciences sector and to share thoughts about legal aspects of data protection law and life sciences specific legislation.

DISCLAIMER. This blog is written strictly on a personal title and does not reflect the opinion of my employer. Posts on this blog, including reactions and comments from authors, cannot replace legal advice and do not lead in any manner to an attorney/client relationship. If you would like to seek legal advice from me, please reach out to me via cecile.vanderheijden@axonlawyers.com