As private information becomes an increasingly valuable currency, the risk of data breaches spiked significantly across a number of industries dealing with sensitive customer data. Across the globe, lawmakers have been hard at work creating policies that favor consumers and the protection of their personal information. In 2016, the European Parliament adopted the General Data Protection Regulation (GDPR), carrying provisions that required businesses to protect European citizens from exploitations of personal data by businesses making transactions within European states.
Going into effect this Spring (May 25th, 2018), the GDPR is a formidable regulation that requires businesses to protect the personal data and privacy of European citizens, focusing specifically on transactions that occur within European territory. With short time between the present and its official launch in May, there are serious timelines that businesses operating within EU territories must adhere to. If these timelines are not respected and patient/citizen data is breached, these violations can come at a large cost.
Ultimately, the GDPR sets new standards for consumer rights regarding access to personal data, and organization within the EU should be paying attention – especially clinical research organizations.
How does the GDPR impact clinical trial research?
With the GDPR taking effect in May, there are three key changes that experts are highlighting:
- Increased territorial scope
- Increased penalties
- Improved patient consent
In discussions leading up to the GDPR, a great deal of attention has been placed on how the regulations will affect financial banking industries in the EU. However, experts worry that those in clinical research and pharma are not as prepared to meet these new compliance standards.
“I believe this is a critical topic for the pharma industry,” says Susan Shelby, Sr. VP of clinical operations for clinical research organization Biomedical Systems. “It will have a significant impact on this industry. I’m convinced companies are not prepared for it, the penalties are steep and it doesn’t seem that enough people are discussing it.”
How can clinical research organizations prepare themselves for the upcoming GDPR?
As clinical research organizations make their way into Spring 2018, awareness and open discussion is the best first step for preparedness. Organizations need to increase their discussions surrounding disclosure of patient data among vetted parties. Ramping up awareness includes understanding the logistics of GDPR as well as the penalties of breaching new upcoming compliance standards. Moreover, clinical researchers should familiarize themselves with current practices within their organization and engage in active conversation about how their practices can adjust to meet the GDPR standards.
Want to learn more about the GDPR? Check out these resources: