EU GDPR came into force on 25 May 2018 and is expected to have a huge impact on the way we use and share personal data. The regulation requires all public authorities and private businesses, including pharmaceutical companies, to deploy sufficient IT security for the protection of personal data processed in the organization.
Specifically, EU GDPR requires an assessment of the organization’s security level in relation to privacy. The purpose of the assessment is to identify specific related risks. On this basis, IT security controls shall be designed and implemented in the right places in the organization, including processing authorization and proportionality, policies and processes, access control and deletion, encryption and logging, ownership and data processors.
This presentation will outline the key elements of the EU GDPR regulation with special focus on areas that have particular importance to pharmaceutical companies. Based on experience from a number of EU GDPR projects, the presentation will then provide a summary of the areas where sensitive personal data is particularly likely to be found, and what legal basis a pharmaceutical company would normally have to administer such data.
The presentation will also provide a checklist of activities to consider in order to become compliant with EU GDPR.
Thomas Hornbæk Svendsen works as Managing Consultant at NNIT and has more than 18 years of consulting experience within the life sciences domain with special focus on regulatory affairs and key expertise within document management, submission management, registration tracking and EU GDPR. Thomas has been part of a number of EU GDPR impact assessment projects within the last three years, working with life science companies in Denmark, Europe and the US.