GDPR: New Considerations And Shared Experiences For Life Sciences Companies

By Cynthia Jones, Director Quality Assurance and Rebecca Maizel, Quality Assurance, TransPerfect Life Sciences

Clinical trial subjects will have new privacy rights with the implementation of the EU’s upcoming data privacy regulation—GDPR. In general, the fact that life sciences companies are heavily regulated may, in some ways, create an advantage for preparations as they are responsible for complying with GxP, ANNEX 11, ISO, 21 CFR Part 11, and other such regulations, as well as enforcing operational standards via SOPs and quality management. However, life sciences companies are far from off-the-hook and should not take their preparedness for granted.

A Brief Overview of GDPR

In April 2016, the European Parliament approved the EU General Data Protection Regulation (GDPR) with a commencement date of May 25, 2018. This regulation will replace the Data Protection Directive 95/46/EC with the stated aim to “harmonize data privacy laws across the EU.” This is an effort to better protect the personal data of individuals within the EU and set a precedent for data privacy and security. The regulation provides policy around any data that can be used to directly or indirectly identify a person, such as their name, photos, email addresses, bank details, posts on social networking websites, medical information, or a computer IP address.