The General Data Protection Regulation (GDPR) enforcement begins May 25, 2018. GDPR represents an important shift in the way businesses will operate in this new world of data privacy. This new privacy law touches every company that accesses, controls, or processes personally identifiable information for European Union (EU) citizens. With minimum fines for violations set at 20 million euros or up to 4 percent of annual global revenue, the law is forcing companies to make GDPR a priority. They are taking data privacy seriously.
The Impact on Life Sciences
Clearly, many life science organizations are vulnerable. They may process personally identifiable information of health care professionals (HCPs) throughout the engagement process. For example, this might occur during contracting. Or it could happen while reviewing and updating HCP profile information in CRM systems. Another access point are financial systems which access and use personal data when remitting payments for physician fee-for-service activities.
This presents challenges because technology systems were not designed with data privacy in mind. Now, CTOs, CIOs and their IT teams must consider how systems process personally identifiable data of any EU citizen. In addition, companies must put business process controls in place to ensure data is protected and kept private in both internal and external systems. Companies will need to ensure that data protection principles are built into technology. This includes mechanisms for consent management, security, data minimization, and data archival/deletion. The new term to describe software systems that comply with these new laws is “developed with data privacy by design.”
GDPR Impact on Compliance Programs
We’ve been at the forefront of explaining how data privacy can impact our customers. Leaders in the world of compliance, we have been advising on how to get prepared for GDPR. We will run a workshop “General Data Protection Regulation and Its Impact on Compliance Programs” at the Fleming 6th Annual Corporate Compliance & Transparency in the Pharmaceutical Industry conference on Wednesday, February 21st in Zurich. We will focus on understanding GDPR and its impact on managers of healthcare data. Ultimately, we will provide recommendations for GDPR readiness. Conference attendees will learn how to evaluate and assess their organizations ability to comply with GDPR. We will focus on technology challenges. In addition, we will discuss practical solutions for conducting a data inventory and managing HCP consent.
For more details on the on the Fleming conference read more here.