The General Data Protection Regulation (GDPR) is fast approaching, with enforcement beginning on May 25, 2018. GDPR represents an important shift in the way businesses will operate in the new world of data privacy. This new privacy law touches every company that accesses, controls, or processes personally identifiable information for citizens of the European Union. With minimum fines for violations set at 20 million euros or up to 4 percent of annual global revenue, the law is forcing companies to evaluate their business processes and technology solutions.
Impact on the Life Sciences Industry
Clearly, many life science organizations are vulnerable. They may process personally identifiable information of health care professionals (HCPs) throughout the engagement process. For example, this might occur during contracting, or it could happen while reviewing and updating HCP profile information in CRM systems. Another access point is financial systems, which access and use personal data when remitting payments for physician fee-for-service activities.
Compliance Cloud Technology
This presents challenges because companies may still be using manual or Excel-based systems to process some personally identifiable information, opening the organization up to risk. Now, CTOs, CIOs and their IT teams must consider how to move their compliance programs to the cloud to ensure data is protected and kept private. Companies will also need to ensure that data protection principles are built into any new or existing technology solutions. This includes mechanisms for consent management, security, data minimization, and data archival/deletion. The new term to describe software systems that comply with these new laws is “developed with data privacy by design.”
Lean on Technology Partners
We’ve been at the forefront of explaining how data privacy can impact our customers. Leaders in the world of compliance, we have been advising our customers about ways to prepare for GDPR. Our focus is on understanding GDPR and its impact on managers of healthcare data and technology challenges, and ultimately on providing recommendations for GDPR readiness.