Products Solutions Services Industries Meet ValGenesis
Schedule a Demo

ValGenesis Blog

Are you GDPR ready?

Blog Home | Published: March 22, 2018

The deadline to comply with the EU General Data Protection Regulation (GDPR) is May 25, 2018. Are you ready? For Life Science companies you may be readier than you think. The key is to leverage the controls and practices that you already should have in place.

What is GDPR?

In December 2015 the EU parliament voted to finalize GDPR and set May 25, 2018 as the deadline for compliance. The primary objective of GDPR is to give citizens control of their personal data. A lot of control! Including the right to erasure, meaning that access rights to personal data can be revoked requiring complete erasure of all their data. Also in scope is likeliness, including metadata – which is data about the data, or data you can use to figure out who the person is; not difficult to do especially with social media which, by the way, is also in scope.

Erasure & Likeliness requirements raise the Data Privacy bar

Life Science Companies Readier Than You Think

The good news for Life Science companies is controls and practices should already be in place as the result of other regulations, such as:

  • Security
  • Risk Management
  • Corrective Action / Preventive Action
  • Data Integrity

Life Science companies can use these controls and practices to demonstrate they are GDPR ready and compliant. However, action is required to demonstrate due diligence.

Develop a GDPR Compliance Assessment / Plan to include

  • Inventory your systems (software, network, cloud, hardware). You need to know systems that are accessing, managing, and processing personal data, including likeliness.
  • Conduct risk assessments. Find out where risks are high or potential problems exist.
  • Mitigate risks. Fix the issues, starting with high risk first.
  • Document! You need objective evidence because, from a regulatory perspective, if it isn’t documented then it didn’t happen.

Leverage Compliance-Related Systems

The ValGenesis Validation Lifecycle Management System (VLMS) can be a powerful tool to help companies comply with GDPR.

First, personal data is not normally stored, processed, or managed in ValGenesis’ VLMS because the system is used to Validate other systems and other systems must be Validated before they’re used in production. It’s not wise to put personal data in a non-validated system or to use personal data to validate a system.

Next, ValGenesis includes functionality that can help organizations execute their GDPR Assessment / Plan, this includes

  • Comprehensive Validation Lifecycle management
  • Decision Trees to determine consistent, compliant outcomes.
  • Inventory of systems, including their validated state.
  • Real-time impact notification of changes.
  • Risk Management.
  • Scheduler for Periodic Reviews and Re-Validation.

Regarding the last bullet point, the ValGenesis Scheduler can be used to conduct controlled assessments based on standardized worksheets to assess systems. Calendar and auto-notification ensures all tasks are done on time. Electronic signatures, audit trail, and a validated document repository delivers immediate access to objective evidence. Mitigated risks can then be formally tested.

Call today to learn more on how ValGenesis VLMS can be leveraged for GDPR compliance.

Summary

The deadline to comply with the EU General Data Protection Regulation (GDPR) is May 25, 2018. Are you ready? For Life Science companies you may be readier than you think. The key is to leverage the controls and practices that you already should have in place.



Author

Steve Thompson

Steve Thompson has worked in Life Sciences for over two decades in both Information Technology and Quality Assurance roles. He’s a certified systems auditor and has audited hundreds of companies globally. A published author, a frequent speaker at industry conferences, on the Board as a Director for PRCSQA, Editorial Advisory Board for ISPE, and Elite Faculty member for KENX, and Adjunct Lecturer, Temple University, School of Pharmacy, RA/QA Graduate Program. He was honored with an APEX 2020 award of excellence for a peer-reviewed article he co-authored for Pharmaceutical Engineering on Blockchain. Currently, as Director Industry Solutions at ValGenesis, Steve helps Life Science organizations realize the potential benefits of advanced technologies, along with inherent risks.