
If you’re a medical device manufacturer planning to do business in the European Union, you need to know about the regulatory change that took effect in May 2018 and that could have operational, process and financial implications for your business.

The new General Data Protection Regulation (GDPR) contains both existing and new data privacy requirements that, if not met, can result in fines of up to 20 million Euro or four percent of worldwide annual turnover, whichever is higher. Compliance is required of the organization that decides how personal data is used (the controller) as well as the vendors and partners that process it on its behalf (processors), and it is critically important to ensuring that organizational IT ecosystems do all they can to protect individuals’ rights and freedoms.

One of the newest requirements is breach notification. When a personal data breach is likely to result in a risk to individuals, the organization must notify its supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it. The notification must describe the nature of the breach, including the categories and approximate number of individuals and records affected, the likely consequences based on what the organization believes happened and the evidence behind it, and the measures taken or proposed to address the breach and mitigate the risks identified. If the full picture is not yet known, the information can be provided in phases, but the 72-hour clock does not wait for the investigation to finish. Where the breach is likely to result in a high risk to individuals, they must be informed directly as well, and every breach must be documented internally whether or not it is reportable.

To respond adequately to the change in regulations brought by GDPR, medical device firms should ensure that employees know how to recognize a potential breach and escalate it to management quickly, since the 72-hour clock starts when the organization becomes aware of it. This affects staff throughout the organization, from ground-level employees, who need to know what personal data is and how to handle it, to the triage and incident response (IR) teams, who will need to be involved in issues that require immediate resolution. It is also advisable to work with an experienced medical device consulting firm, especially one that specializes in medical regulatory consulting.

Central to how you handle data and protect it from unauthorized access is how you gather it in the first place. If your firm collects personal data (what US regulation calls personally identifiable information, or PII), you must have a lawful basis for doing so before you collect it. Consent is the usual basis for tracking and marketing, but it must be freely given, specific, and as easy to withdraw as it was to give. If a customer withdraws consent or asks to be forgotten, your company must stop processing and erase that customer’s data unless another legal obligation requires you to keep it, for example complaint, vigilance or traceability records that medical device regulations oblige you to retain. HIPAA is a separate US regulation covering protected health information held by covered entities and their business associates; it applies in addition to, not instead of, GDPR, so a firm handling both US patient data and EU personal data must satisfy both.

As organizations adopt data breach, data security and privacy regulations across the globe, a primary concern is how to develop standard processes that address each set of requirements. One approach that can help bootstrap process development is to create a basic set of data protection principles, accompanied by FAQs and practice pointers, that drive home key concepts to employees using standardized terminology. A broader, integrated approach to training and process development will help standardize responses to a wide range of regulatory issues stemming from GDPR, HIPAA, EU-US Privacy Shield, etc.

When it comes to data protection, the ideal situation is no situation at all: not being breached. But if and when a breach happens, a strong foundation of trained staff, documented processes and a rehearsed incident response plan will help you assess, remediate and respond quickly and appropriately.

For more information about developing and implementing regulatory strategies, please contact the medical regulatory consulting specialists here at MEDIcept.
