Compliance with General Data Protection Regulation (GDPR) Within Medtech
1 Hour Video | Val Surgenor, MacRoberts LLP
The final draft of the General Data Protection Regulation was released in May of 2016 and the countdown to compliance has begun. This new Regulation, which will have direct effect, is intended to increase the protection and harmonization of patient data and will bring significant change to how medical device manufacturers, both in the EU and elsewhere in the world, manage and control patient data. The new requirements are substantially larger in scope, with significant changes and a number of new rules being applied. Key areas of change include increased administrative duties for both data controllers and data processors, stringent requirements for consent and privacy policies, in some circumstances the appointment of a privacy officer, pseudonymization and anonymization of patient data, new data breach reporting requirements and significant penalties for data failures.
While full compliance is not required until May of 2018, the vast array of changes required has many device companies taking a proactive stance on implementation to allow time to test the system and ensure success.
- Adopting integrated data and records management processes.
- Nuances in informed consent, privacy and security criteria.
- Validity and purpose limitation.
- Exemptions, secondary processing, and pseudonymization and anonymization of patient data.
- Defining direct obligations for data processors.
- Privacy by design and Privacy Impact Assessment (PIA).
- New proposals for transfer of personal data between EU/US.
- Recognizing a breach and breach notification management.
This webinar will be most beneficial to participants involved in medical device and diagnostic companies. The job titles most applicable for this session are:
- Regulatory Affairs
- Data Management