The EU General Data Protection Regulation was made effective on the 25th of May 2018. Pharma IT offers several services in respect to the implementation of GDPR in pharmaceutical companies.
EU GDPR Implementation
If you haven not already done so we recommend that the following activities are planned and executed:
- Create a process overview of departments handling personal data
- Map the personal data processed into the process overview
- Map the existing security measures and compliance to the GDPR
- Identify gaps to the GDPR in the created process and data flow overview
- Create Data Protection Impact Assessment document based on the above collected information
- Initiate project/tasks to close the identified gaps (if any)
In many cases, existing systems and process will be sufficient and compliant with GDPR, but the full process and IT systems will still need to be reviewed in the view of GDPR and where gaps are identified these should be closed.
Data Protection Officer
The GDPR states that a data protection officer shall be designated in any case where the core activities of the controller or the processor consist of processing operations which require regular and systematic monitoring of data subjects on a large scale (article 37).
This role can be outsourced and it’s a service we are already providing.