My prior employer took the same position. Patient IDs can be linked by someone (not the bioanalytical lab) to the patient demographics, therefore the data is only pseudonymized and not fully anonymized. Since our data centers were in Europe, every single one of our contracts had to have the GDPR language.
------------------------------
Joleen White Ph.D.
AAPS 2024 Global Health Community Chair
Bioanalytical 101 Course Development
Senior Bioassay Development Lead
Gates Medical Research Institute
Cambridge MA
[email protected]
Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer.
------------------------------
Original Message:
Sent: 06-27-2024 18:59
From: Michele Gunsior
Subject: GDPR and new regulations
Thank you Joleen, for the response. Our EU consultant has shared that even subject IDs without any other identifying information may be considered personal information, which I don't think was the approach prior to regulations coming into effect.
------------------------------
Michele Gunsior
Astria Therapeutics
Gaithersburg MD
The opinions expressed are my own and may not reflect those of my employer.
Original Message:
Sent: 06-24-2024 14:04
From: Joleen White
Subject: GDPR and new regulations
Even beyond GDPR, many low- and middle-income countries have sophisticated data privacy laws. For example, South Africa has POPIA (https://popia.co.za/) and Vietnam has recently announced a law to strengthen their data privacy (https://www.aseanbriefing.com/news/vietnams-legal-framework-for-personal-data-protection-initiated/). It is fair to say that the US is lagging behind the rest of the world, and that data security is top of mind for our customers.
On a laboratory level, we are eliminating email attachments as much as possible and instead using a Gates MRI-owned Teams Channel to share presentations and draft documents. With Gates MRI control of access permissions, we can ensure that only authorized people have access. It is a little more flexible than the SharePoint we used to use because the business owners have control of adding new individuals as opposed to centralized through IT. We also have data privacy provisions in nearly all of our contracts now. Even if the clinical trial data was fully anonymized, the business contacts with our suppliers also trigger data privacy, so we are taking a conservative approach.
------------------------------
Joleen White Ph.D.
AAPS 2024 Global Health Community Chair
Bioanalytical 101 Course Development
Senior Bioassay Development Lead
Gates Medical Research Institute
Cambridge MA
[email protected]
Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of my employer.
Original Message:
Sent: 06-24-2024 13:48
From: Michele Gunsior
Subject: GDPR and new regulations
Hello!
I was wondering how everyone is handling the new GDPR regulations with regard to clinical samples and associated data from the EU. It seems that even pseudonymized data is requiring a higher level of GDPR protection.
What are your companies putting into place, if anything? Or do you currently have procedures covering GDPR?
Thanks!
Michele
------------------------------
Michele Gunsior
Astria Therapeutics
Gaithersburg MD
The opinions expressed are my own and may not reflect those of my employer.
------------------------------