CIO Review’s Article: GDPR Conformity for Life Sciences
November 25, 2019
The induction of GDPR has revamped the perception of data in the sight of the world. All the existing data protection legislations in EU member states have been replaced by GDPR. This steep turn has left companies in the EU and EU economic area perplexed regarding managing the overall aspects of compliance and bringing conformity with business as usual (BAU) processes. Especially when it comes to clinical research, the scenario is much more complex as it could involve numerous countries outside the EU. With so many possible nation-specific scenarios, there is a need for grass-roots level understanding of GDPR along with a good knowledge of the local differences for the systemic and efficient use of data. The path to a pragmatic, efficient understanding of all these regulations and a tailor-made application for different workspaces is the need of the hour.
Discerning these challenges better, MyData-Trust, a Belgium based company, provides strategic, operational, and organisational support, contributing legal and technical services for a successful data protection implementation to the life sciences sector.
He goes on to explain about the services offered by MyData-Trust in the area of clinical research. The company imparts education and training on the various intricacies of the GDPR landscape to its clients. This helps clients in understanding and evaluating the challenges posed by the complex GDPR. The company performs gap analysis to determine the critical processes of its clients and map the flow of their data, through which it ascertains the steps necessary to ensure a successful compliance with regulations.
MyData-Trust also implements Data-Protection-Officer-as-a-Service (DPOaaS), for companies to have access to skilled and certified people with extensive experience across numerous sectors such as legal, IT, and life sciences. This helps MyData-Trust and the client to work in tandem towards both pharmaceutical R&D and GDPR compliance. Adding to this, the firm extends legal support to its clients and also helps them set up Binding Corporate Rules for transactions with companies outside the EU.
On the solutions front, MyData-Trust’s privacy management solution PrivaREG, is a centralised platform integrating standard reports and streamlining communication to subjects and authorities, which is compliant with the local government specificities. This is a collaborative tool to assess and monitor data protection for a consolidated register of data processing activities.
MyData-Trust has worked with about 130 projects in the life sciences sector, which showcases their expertise in the field. When one of their clients wanted to use the compassionate use program on a patient whose condition was critical, MyData-Trust was called in to handle the data transfer of the patient’s records to the medical company. Managing the documentation as well as taking care of the rights of patients was a challenging task, which MyData-Trust carried out with precision. In another instance, a company developing mobile applications wanted to design an app, through which subjects involved in a clinical procedure could easily provide data and set reminders for appointments with doctors with their smartphones. MyData-Trust had consultations with Google and Apple and made the app compliant with both GDPR and the app store rules.
With MyData-Trust achieving service maturity, Xavier says the company’s think tanks are working to innovate their solutions portfolio. He strongly believes that GDPR can be used for improving the capacity in clinical research in the coming future. The recruitment and retention of the patients for the clinical trials can improve if the companies become compliant. “Data protection is not a constraint. It is a way to bring in more security to the patient’s data, and consequently attain patient centricity” Xavier concludes.