Data protection has been on the minds of people in and out of the biotech sector for months now as reports of breaches and hacks of companies like Home Depot, Facebook and more have flooded the news-ways for some time.
Next month the rules on holding private data for companies in Europe will change and that is forcing U.S.-based pharma companies to plan. The comprehensive General Data Protection Regulation (GDPR) takes effect May 25. According to a report on Pharmaphorum, the European Commission overhauled its previous privacy laws in order to "strengthen and unify data protection" within the European Union, as well as "address the export of personal data outside the EU."
The new rules require companies, no matter where they are headquartered, to gain consent if they wish to use data of EU citizens. The requests must be "explicit, easily accessible and clearly explain how an individual’s data will be processed," Pharma Phorum noted. Any data that could potentially lead to the identification of an individual must be redacted. In addition to the clear consent rules, the GDPR allows for EU citizens to withdraw their consent in what is known as "the right to be forgotten."
That right to be forgotten rule could be a sticking point for some pharma development. Pharma Phorum noted that not only do drug developers use the data but so too do additional stakeholders, such as researchers, hospitals and contract research organizations. Any retraction of consent could become a serious global challenge.
Under GDPR companies will have to have a clear definition of how they are using the data gained from customers. In an analysis of the new law, Pharma Times said many healthcare companies, which include the pharma and biotech industry, operate under a legal basis known as legitimate interest.
"Under GDPR, legitimate interest means an organization has a reason to hold someone’s information on its database, but it hasn’t necessarily obtained their consent," Pharma Times wrote.
The publication said many companies will have to send out notices to those whose data they possess and notify them of the data and how it is being used.
The big question now is "are the pharma companies ready for the new law to go into effect?" Pharma Times notes that companies that are following current EU laws "to the letter" won’t have much trouble adapting to any changes next month.
"However, data controllers or data processors who have tried to push the boundaries around use and purpose, or who have databases that have remained untouched for years, could find themselves in trouble," the publication reported.
Register as Visitor to CPhI China 2018!
ALL
Pharma in China
Pharma Experts
Market News
Products Guide
Brand Story
Pharma Sources Insight June 2024: Globalization on the Go
