The deadline to comply with the EU General Data Protection Regulation (GDPR) is May 25, 2018. Are you ready? If you're a life sciences company, you may be more prepared than you think. The key is to leverage the controls and practices you already should have.
What is GDPR?
In December 2015, the EU parliament voted to finalize GDPR and set May 25, 2018, as the deadline for compliance. The primary objective of GDPR is to give citizens control of their personal data, including the right to erasure: a person can revoke access rights to their personal data, which requires the complete erasure of all their data. Also in scope is likeness, including metadata, which is data about the data or data you can use to figure out who the person is. Identifying a person this way is not difficult in our social media-driven society.
The good news for life sciences companies is that controls and practices should already be in place as the result of other regulations, such as:
Corrective Action / Preventive Action
Life sciences companies can use these controls and practices to demonstrate they are GDPR-ready and compliant. However, action is required to demonstrate due diligence.
Develop a GDPR Compliance Assessment / Plan
Inventory your systems (software, network, cloud, hardware). You need to know which systems are accessing, managing, and processing personal data, including likeness.
Conduct risk assessments. Find out where risks are high or potential problems exist.
Mitigate risks. Fix the issues, starting with high-risk first.
Document! You need objective evidence because, from a regulatory perspective, if it isn’t documented, then it didn’t happen.
Leverage Compliance-Related Systems
The ValGenesis Validation Lifecycle Management System (VLMS) can be a powerful tool to help companies comply with GDPR.
First, personal data is not usually stored, processed, or managed in ValGenesis’ VLMS because it is used to validate other systems, and other systems must be validated before they’re used in production. It’s not wise to put personal data in a non-validated system or to use personal data to validate a system.
Functionality to help execute GDPR Assessment Plan
Comprehensive Validation Lifecycle management
Decision Trees to determine consistent, compliant outcomes.
Inventory of systems, including their validated state.
Real-time impact notification of changes.
Scheduler for Periodic Reviews and Re-Validation.
Regarding the last bullet point, the ValGenesis Scheduler can be used to conduct controlled assessments based on standardized worksheets to assess systems. Calendar and auto-notification ensure all tasks are done on time. Electronic signatures, an audit trail, and a validated document repository deliver immediate access to objective evidence. Mitigated risks can then be formally tested.
Call today to learn more about how ValGenesis VLMS can be leveraged for GDPR compliance.
Steve Thompson has worked in Life Sciences for over two decades in both Information Technology and Quality Assurance roles. He’s a certified systems auditor and has audited hundreds of companies globally. He is a published author, a frequent speaker at industry conferences, a Director on the Board of PRCSQA, a member of the Editorial Advisory Board for ISPE, an Elite Faculty member for KENX, and an Adjunct Lecturer at Temple University, School of Pharmacy, RA/QA Graduate Program. He was honored with an APEX 2020 award of excellence for a peer-reviewed article he co-authored for Pharmaceutical Engineering on Blockchain. Currently, as Director Industry Solutions at ValGenesis, Steve helps Life Science organizations realize the potential benefits of advanced technologies, along with inherent risks.