Compliance with General Data Protection Regulation (GDPR) Within Medtech

1 Hour Video | Val Surgenor, MacRoberts LLP

The final draft of the General Data Protection Regulation was released in May of 2016 and the countdown to compliance has begun. This new Regulation, which will have direct effect, is intended to increase the protection and harmonization of patient data and will bring significant change to how medical device manufacturers, both in the EU and elsewhere in the world, manage and control patient data. The new requirements are substantially larger in scope with significant changes and a number of new rules being applied. Key areas of change include increased administrative duties for both data controllers and data processors, stringent requirements for consent and privacy policies,  in some circumstances the appointing a privacy officer, pseudonymization and anonymization of patient data, new data breach reporting requirements and significant penalties for data failures.

While full compliance is not required until May of 2018, the vast array of changes required have many device companies taking a proactive stance on implementation to allow for time to test the system to ensure success.

  • Adopting integrated data and records management processes.
  • Nuances in informed consent, privacy and security criteria.
  • Validity and purpose limitation.
  • Exemptions and secondary processing and pseudonymization and anonymization of patient data.
  • Defining direct obligations for data processors.
  • Privacy by design and Privacy Impact Assessment (PIA).
  • New proposals for transfer of personal data between EU/US.
  • Recognizing a breach and breach notification management.


Participants that will find this webinar most beneficial will be those involved in medical device and diagnostic companies. Job titles of attendees that will be most applicable for this session will be:

  • Regulatory Affairs
  • Compliance
  • Data Management







Val Surgenor
MacRoberts LLP

Valerie Surgenor is a partner in the IP, Technology and Commercial Group of the Scottish law firm of MacRoberts LLP and specialises in data protection, information management and cybersecurity across a number of sectors in both the UK and internationally. With a particular interest in the medical device sector she regularly advices clients on their compliance programs, regulatory issues, clinical trial arrangements and related commercial matters. She is regular trainer, author and speaker on the subject of data protection and the implementation of compliance programs.

Recent Events

Purchase Now

Purchase Now