Applicable Data Protection Laws
Last updated: 25 September 2025
In accordance with the terms of our MedBrief Services Agreement, MedBrief will ensure that Data Subjects whose Personal Data is provided to MedBrief by a Client will be treated and protected in accordance with Applicable Data Protection Laws of the Client Region and, where applicable, the laws of the MedBrief Service Provider Region. Clients should clearly notify MedBrief in advance whenever requesting Data Processing services relating to Data Subjects from a different region to the Client Region. MedBrief does not warrant compliance with the laws of territories not specifically listed in the table below. Please Contact us to discuss your unique compliance requirements.
| Client Region | Applicable Data Protection Laws | MedBrief | MedBrief |
| United Kingdom
| UK General Data Protection Regulation (UK GDPR); Data Protection Act 2018 (DPA 2018); Data (Access and Use Act) 2025 | United Kingdom | MedBrief Services Limited, UK company no. 10632197 |
| EMEA
| European Union: General Data Protection Regulation (GDPR) - (Regulation (EU) 2016/679); ePrivacy Directive (Directive 2002/58/EC) | ||
| Americas
| United States of America: Health Insurance Portability and Accountability Act (HIPAA); California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA); Virginia Consumer Data Protection Act (VCDPA); Colorado Privacy Act (CPA); Utah Consumer Privacy Act (UCPA); Connecticut Data Privacy Act (CTDPA) Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) Canada (Quebec): Act respecting the protection of personal information in the private sector, as amended by Law 25 | ||
| Asia-Pacific
| Australia: Privacy Act 1988, which includes the Australian Privacy Principles (APPs) Singapore: Personal Data Protection Act 2012 (PDPA) New Zealand: Privacy Act 2020 |