From 25 May 2018, all EU entities are bound by strict data protection regulations, which are designed to protect the personal data of EEA citizens.
The new regulations (the General Data Protection Regulation, and the Data Protection Act) mandate that personal data must only be collected, stored and used fairly, lawfully, transparently and for the limited purpose or purposes for which it was obtained. The new regulations also place obligations on entities to treat and safeguard personal information as confidential.
The General Data Protection Regulation (GDPR) also restricts our ability to transfer personal data (that is, personal data relating to clients, applicants, inventors, etc.) to entities outside the EU, unless certain safeguards are put in place.
We ask our data subjects to consent to us transferring their data outside the EU, but consent is not, in fact, necessary where, for example, the transfer is necessary for the performance of a contract or the exercise or defence of legal claims.
Nevertheless, we require all of our non-EU associates to provide undertakings, as a precondition of us working with them, that the personal data of EU citizens that we share with them will be:
- Treated and safeguarded as confidential. This means that we require our associates to undertake that they have, and will maintain, adequate safeguards in place to protect the personal data from theft or abuse. In practice, this means that the personal data will be stored in a secure environment, for example, in computer systems with adequate measures in place to prevent unauthorised access to personal data, and/or in secure physical storage environments. Further, we require our associates to undertake that they will notify us of any data breach, or potential data breach, within 72 hours of such breach, or potential breach, occurring, which notification must itemise any and all data which may have been compromised.
- Only used for the purposes for which it was provided. This means that you may only use the personal data that we transfer to you for the stated purpose, such as to identify an applicant or inventor in a patent application, or as necessary for the processing of a particular matter. In particular, you must undertake not to: use, transfer-on, sell, gift or otherwise process the personal data we transfer to you for any other purpose; carry out any systematic processing of the data; or use any automated processing of the data.
Please complete the form below to confirm that you agree to the above.