
If you’re a medical device manufacturer planning to do business with the European Union, you need to know about the regulatory change that took place in May 2018, which could have operational, process, and financial implications for your business.

The new General Data Protection Regulation (GDPR) contains both existing and new data privacy requirements that, if not met, can result in significant fines of up to 20 million Euro or four percent of annual turnover. Maintaining compliance is required of organizations as well as their relevant vendors and partners, and it is critically important to ensuring that organizational IT ecosystems are doing all they can to help customers protect individual rights and freedoms.

One of the newest requirements is the need to respond to a data breach or loss within 72 hours and to provide a full report of the event or incident, including details such as how many individuals were affected and the type of data compromised. The consequences of the breach must also be reported: what the organization believes happened based on the evidence, the potential implications, and the measures already taken and still to be taken to mitigate the risks identified in the breach disclosure report.

To adequately respond to the change in regulations brought about by GDPR implementation, medical device firms should ensure that employees are well trained in bringing issues to the attention of management. This affects employees throughout your organization, from ground-level staff, who need to know what personal data is and how to manage it, to the triage and incident response (IR) teams, who will need to be involved in issues that require immediate resolution. It is also advisable to work with an experienced medical device consulting firm, especially one that specializes in medical regulatory consulting.

Central to how you handle data and protect it from illegal access is how you gather that data in the first place. If your firm is going to collect personally identifiable information (PII), you must obtain customer consent before you track it, and your collection process must follow US HIPAA regulation. If at any time the customer requests to stop being tracked, your company must stop and purge that customer’s information from your files.
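The consent-before-tracking and purge-on-request process described above, as an added illustration that is not part of the original article and not MEDIcept's own code. It assumes an in-memory record store keyed by a customer identifier, an explicit consent flag, and an audit trail that records only identifiers (never the PII itself) so the triage and IR teams can later establish how many individuals were affected and which data types were held; it does not encode the wording of GDPR or HIPAA, only the gating logic.

```python
"""Consent-gated PII collection with purge-on-withdrawal (added example).

Assumed design (not from the article): customer_id keys, a consent flag
captured before any tracking, and an audit log of events by identifier.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone


class ConsentError(Exception):
    """Raised when tracking is attempted without recorded consent."""


@dataclass
class PiiStore:
    records: dict = field(default_factory=dict)  # customer_id -> PII fields
    consent: dict = field(default_factory=dict)  # customer_id -> bool
    audit: list = field(default_factory=list)    # (utc timestamp, event, customer_id)

    def _log(self, event, customer_id):
        # Only the identifier is logged, so the audit trail itself holds no PII.
        self.audit.append((datetime.now(timezone.utc).isoformat(), event, customer_id))

    def record_consent(self, customer_id, granted):
        """Record consent; withdrawal immediately purges everything held."""
        self.consent[customer_id] = bool(granted)
        self._log("consent_granted" if granted else "consent_withdrawn", customer_id)
        if not granted:
            self.purge(customer_id)

    def track(self, customer_id, **fields):
        """Collect PII only when consent is on file; refusals are audited."""
        if not self.consent.get(customer_id, False):
            self._log("tracking_refused_no_consent", customer_id)
            raise ConsentError(f"no consent on file for {customer_id}")
        self.records.setdefault(customer_id, {}).update(fields)
        self._log("pii_collected", customer_id)

    def purge(self, customer_id):
        """Remove all stored PII for a customer; returns True if anything was held."""
        removed = self.records.pop(customer_id, None) is not None
        self._log("pii_purged", customer_id)
        return removed

    def affected_summary(self):
        """Breach-report input: how many individuals and which data types are held."""
        kinds = set()
        for fields in self.records.values():
            kinds.update(fields.keys())
        return {"individuals": len(self.records), "data_types": sorted(kinds)}


def demo():
    """Constructed walk-through: two consenting customers, one refusal, one withdrawal."""
    store = PiiStore()
    store.record_consent("cust-001", True)
    store.track("cust-001", email="a@example.com", device_serial="SN-0001")
    store.record_consent("cust-002", True)
    store.track("cust-002", email="b@example.com")
    try:
        store.track("cust-003", email="c@example.com")  # no consent recorded
    except ConsentError:
        pass
    before = store.affected_summary()
    store.record_consent("cust-001", False)  # withdrawal triggers purge
    after = store.affected_summary()
    return before, after, [event for _, event, _ in store.audit]


if __name__ == "__main__":
    print(demo())
```

The point of keeping consent, records, and audit separate is that a withdrawal both blocks further collection and removes what was held, while the identifier-only audit trail still lets an IR team reconstruct the affected population for the 72-hour report without reintroducing the purged data.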

As organizations adopt data breach, data security, and privacy regulations across the globe, a primary concern is how to develop standard processes that address each individual set of requirements. One approach that can help bootstrap process development is to create a basic set of data protection principles, together with FAQs covering a number of practice pointers, to drive home key concepts to employees using standardized terminology. A broader, integrated approach to training and process development will help standardize responses to a wide range of regulatory issues stemming from GDPR, HIPAA, the EU-US Privacy Shield, etc.

When it comes to data protection, the ideal situation is no situation at all. That means avoiding being breached; but if and when a breach happens, being prepared with a strong foundation will help you assess, remediate, and respond quickly and appropriately.

For more information about developing and implementing regulatory strategies, please contact the medical regulatory consulting specialists here at MEDIcept.
