The Cove Business Standards Discussion Forums
EU GDPR General Data Protection Regulation - What we need to update for our QMS

Some Related Topic Tags
data collection and/or entry, data encryption, data security, gdpr (eu general data protection regulation), patient data
Post Number #1
13th December 2017, 11:23 AM
Wolf.K
Total Posts: 73
EU GDPR General Data Protection Regulation - What we need to update for our QMS

Hi, not really MDR stuff, but an EU regulation. Just wonder what we need to update for our QMS? In our clinical evaluation SOP we have a statement that it is not allowed for us to collect personal patient data - only the hospitals/medical doctors shall know the patients; for us they are just numbers...

Is there anything else we should consider?

(we don't use software as a medical device)

Thanks!
Wolf

Post Number #2
13th December 2017, 11:38 AM
mihzago
Total Posts: 201
re: EU GDPR General Data Protection Regulation - What we need to update for our QMS

Do you market anything directly to customers? Do you collect any information on your company website?
Do you record personal information when customer calls for support?
Post Number #3
13th December 2017, 01:17 PM
Paul Simpson
Total Posts: 1,834
re: EU GDPR General Data Protection Regulation - What we need to update for our QMS

Quote:
In Reply to Parent Post by Wolf.K View Post

Hi, not really MDR stuff, but an EU regulation. Just wonder what we need to update for our QMS? In our clinical evaluation SOP we have a statement that it is not allowed for us to collect personal patient data - only the hospitals/medical doctors shall know the patients; for us they are just numbers...

Is there anything else we should consider?

(we don't use software as a medical device)

Thanks!
Wolf
Hi, Wolf. This regulation applies to any organisation holding data on EU citizens. There is a lot to it, so difficult to summarize here; many of the requirements relate to citizens' rights for anonymity and to be forgotten if they wish. Your system should allow for these rights.

From your post about 'your' data being anonymized it may be you are already in the clear. If you have any specifics please come back with questions.
Post Number #4
13th December 2017, 01:40 PM
pkost
Total Posts: 824
re: EU GDPR General Data Protection Regulation - What we need to update for our QMS

I'm not sure the data is fully anonymised - it may be worth looking into whether there are any obligations where you may not know the patient, but if you provided the complaint reference to the hospital they would be able to link it to an individual.

Additionally, depending on your products, there may be a very small subset of patients that have the specific conditions your records detail that for a particularly determined person could expose the patient ID.
Post Number #5
13th March 2018, 11:47 AM
lzanini
Total Posts: 4
Re: EU GDPR General Data Protection Regulation - What we need to update for our QMS

Quote:
In Reply to Parent Post by Paul Simpson View Post

Hi, Wolf. This regulation applies to any organisation holding data on EU citizens. There is a lot to it, so difficult to summarize here; many of the requirements relate to citizens' rights for anonymity and to be forgotten if they wish. Your system should allow for these rights.

From your post about 'your' data being anonymized it may be you are already in the clear. If you have any specifics please come back with questions.
Dear Paul,
I just began with regulatory affairs and hence, the RGPD. Did you mean here that if the data is anonymized, then the RGPD doesn't apply?
To be a bit more specific, our devices are meant to collect monitoring data from patients in a hospital. If we decide that our company won't ever have access to the patients' identity through the data (leaving us with numbers only), and that only the hospital will actually be able to link a patient to its data, then how would the RGPD apply to us?
Thank you in advance for your help,
Kind regards,
Laura
Post Number #6
19th March 2018, 08:52 AM
Paul Simpson
Total Posts: 1,834
Re: EU GDPR General Data Protection Regulation - What we need to update for our QMS

Quote:
In Reply to Parent Post by lzanini View Post

Dear Paul,
I just began with regulatory affairs and hence, the RGPD. Did you mean here that if the data is anonymized, then the RGPD doesn't apply?
Hi, Laura. Sorry for the delay. I have been working away and am just catching up on email. No, the GDPR / RGPD will always apply to any data processor. My response to Wolf was that it may be that s/he would not have to make any changes to their procedure.
Quote:
In Reply to Parent Post by lzanini View Post

To be a bit more specific, our devices are meant to collect monitoring data from patients in a hospital. If we decide that our company won't ever have access to the patients' identity through the data (leaving us with numbers only), and that only the hospital will actually be able to link a patient to its data, then how would the RGPD apply to us?
Thank you in advance for your help,
Kind regards,
Laura
Although the GDPR / RGPD are both based on an EU Directive I'd recommend you review local guidance and the letter of the regulation to make sure you have the details correct. Unless there is another poster on here who can provide some local advice.

If you deal with anonymized data the scope of your responsibility will be much reduced but there are still duties to look after data and prevent it from being accessed and altered and to destroy the data if required to do so.

I hope this helps.
Post Number #7
6th June 2018, 07:12 PM
Mark Meer
Total Posts: 891
Re: EU GDPR General Data Protection Regulation - What we need to update for our QMS

Quote:
In Reply to Parent Post by mihzago View Post

Do you market anything directly to customers? Do you collect any information on your company website?
Do you record personal information when customer calls for support?
Oh man, I hadn't even considered this! ...I was focused on the device/product side, and not our internal QM systems...

So, if we employ a networked (cloud-based) customer management system (where customer contact information is maintained, and customer names are tied to order and feedback records), what do we have to do? Presumably, we don't have to ask for a customer's consent to maintain their information for the purposes of shipping, returns, and complaints....or do we?

Come to think of it, wouldn't emails be under the scope too? After all, they all include names and contact information, and are "filed" on the email server...
Post Number #8
7th June 2018, 08:12 AM
FoGia
Total Posts: 50
Re: EU GDPR General Data Protection Regulation - What we need to update for our QMS

Don't forget the processing of your complaints, AE reporting, ...