The deadline to comply with the EU General Data Protection Regulation (GDPR) is May 25, 2018. Are you ready? For Life Science companies you may be readier than you think. The key is to leverage the controls and practices that you already should have in place.
What is GDPR?
In December 2015 the EU parliament voted to finalize GDPR and set May 25, 2018 as the deadline for compliance. The primary objective of GDPR is to give citizens control of their personal data. A lot of control! Including the right to erasure, meaning that access rights to personal data can be revoked requiring complete erasure of all their data. Also in scope is likeliness, including metadata – which is data about the data, or data you can use to figure out who the person is; not difficult to do especially with social media which, by the way, is also in scope.
Erasure & Likeliness requirements raise the Data Privacy bar
Life Science Companies Readier Than You Think:
The good news for Life Science companies is controls and practices should already be in place as the result of other regulations, such as:
- Risk Management
- Corrective Action / Preventive Action
- Data Integrity
Life Science companies can use these controls and practices to demonstrate they are GDPR ready and compliant. However, action is required to demonstrate due diligence.
Develop a GDPR Compliance Assessment / Plan to include:
- Inventory your systems (software, network, cloud, hardware). You need to know systems that are accessing, managing, and processing personal data, including likeliness.
- Conduct risk assessments. Find out where risks are high or potential problems exist.
- Mitigate risks. Fix the issues, starting with high risk first.
- Document! You need objective evidence because, from a regulatory perspective, if it isn’t documented then it didn’t happen.
Leverage Compliance-Related Systems
The ValGenesis Validation Lifecycle Management System (VLMS) can be a powerful tool to help companies comply with GDPR.
First, personal data is not normally stored, processed, or managed in ValGenesis’ VLMS because the system is used to Validate other systems and other systems must be Validated before they’re used in production. It’s not wise to put personal data in a non-validated system or to use personal data to validate a system.
Next, ValGenesis includes functionality that can help organizations execute their GDPR Assessment / Plan, this includes
- Comprehensive Validation Lifecycle management
- Decision Trees to determine consistent, compliant outcomes.
- Inventory of systems, including their validated state.
- Real-time impact notification of changes.
- Risk Management.
- Scheduler for Periodic Reviews and Re-Validation.
Regarding the last bullet point, the ValGenesis Scheduler can be used to conduct controlled assessments based on standardized worksheets to assess systems. Calendar and auto-notification ensures all tasks are done on time. Electronic signatures, audit trail, and a validated document repository delivers immediate access to objective evidence. Mitigated risks can then be formally tested.
Call today to learn more on how ValGenesis VLMS can be leveraged for GDPR compliance.
About the Author
|Steve Thompson is Senior Manager of Professional Services and is responsible for managing ValGenesis’s Implementation & Professional Services in the West Coast Region of the United States. Steve has over 20 years oGxP experience in Life Sciences (including Medical Device), is a Parenteral Drug Association (PDA) certified Auditor, has held managerial positions at various levels within Information Technology (IT) and Quality Assurance (QA) for major organizations, is a published author and has presented at several conferences and industry associations. Steve has a B.S. in Computer Information Systems from DeVry University, City of Industry, California.|
GDPR GDPR Compliance Life Science Industries VLMS