PharmaPrivacy.com is your resource for demystifying the complex world of data protection while applying the nuances of the pharmaceutical industry. Here at PharmaPrivacy.com, we’ve seen it all – marketed products, investigational products, sponsors, CROs, labs, and other vendors, so we’re here to help you understand how GDPR and other international regulations affect your specific operations and how to most efficiently develop a compliance program tailored to your specific needs.
Top Privacy Compliance Risks
The strongest demonstration of GDPR compliance is proper documentation. This extends beyond your required policies, procedures, and privacy notices to the contracts you have in place with vendors, clinical trial sites, and employees.
How confident are you in your GDPR documentation?
Unlike other US-regulated activities, responsibility under GDPR cannot be contractually transferred to vendors. Controllers and processors are each independently responsible for their own data protection activities, but the controller ultimately remains responsible for ensuring the protection of its data subjects' personal data. Do you have sufficient contracts in place with vendors setting out their responsibilities to protect personal data?
How confident are you in their compliance?
Any personal data transferred from the EU or UK to the US must be subject to an approved transfer mechanism (Article 46, GDPR). A transfer includes not just storing data in the US but also viewing it from the US. If personal data is accessible in the US, such as clinical trial subject data in the EDC (even if pseudonymized), patient data, or physician data, you must have an approved transfer mechanism in place. This is the most common reason US companies are in the news for GDPR non-compliance. Do you know which transfer mechanisms make your transfers lawful?