Thoughts on the impact of the General Data Protection Regulation?

Post Number #1
Old 8th February 2017, 03:59 AM
kreid
Question Thoughts on the impact of the General Data Protection Regulation?

What do you Cove-ers think of the General Data Protection Regulation and what are you doing to prepare for it?

Post Number #2
Old 8th February 2017, 04:34 AM
shimonv
Re: Thoughts on the impact of the General Data Protection Regulation?

Hi kreid,
Well, the obvious thing is that we have to abide by it.
The interesting thing is that patient data protection has its own separate regulations in the US and EU markets and that evidence for compliance is not part of the submission process.

I believe FDA was the pioneer of patient data protection through HIPAA and HITECH acts, and the rest of the major markets will follow.

From an RA perspective you need to do the best you can not to include patient health information in your device (~information that identifies the patient), but as the digital era and wireless communication expand, it will become more and more a must to include a set of SOPs, WIs, and forms as part of your QMS in order to protect patient privacy. It's a big deal. I'm doing one myself right now.
There will be a constant challenge to keep up with all the changes and updates with respect to cybersecurity.

Cheers,
Shimon
Post Number #3
Old 8th February 2017, 04:54 AM
Pads38
Re: Thoughts on the impact of the General Data Protection Regulation?

It is not something that I have had to deal with (yet).

I follow Erik Vollebregt's (occasional Covite) blog. He had a good post on this with big warnings on serious consequences for any company that fails to comply. See link below:

https://medicaldeviceslegal.com/2016...a-portability/

(Disclosure: no connections)
Post Number #4
Old 27th April 2018, 06:06 PM
Marc
Re: Thoughts on the impact of the General Data Protection Regulation?

Anything recent on this?
Post Number #5
Old 27th April 2018, 08:22 PM
Sidney Vianna
Re: Thoughts on the impact of the General Data Protection Regulation?

Some recent discussions on GDPR:

GDPR - General Data Protection Regulation (EU and UK 2018)

EU GDPR General Data Protection Regulation - What we need to update for our QMS

GDPR scope - "Personal data" definition - General Data Protection Regulation

GDPR (General Data Protection Regulation) - My company is ISMS certified
Post Number #6
Old 21st May 2018, 07:16 AM
TomaszPuk
Re: Thoughts on the impact of the General Data Protection Regulation?

Well, we've followed the "standard" GDPR/ISO 27001 approach.
  1. Documented personal data categories, in order to know what personal data we are processing.
  2. Conducted a risk assessment for these categories, to identify personal data security risks. When doing the assessment, remember the CIA properties of information security: Confidentiality, Integrity, Availability.
  3. Prepared the risk treatment plan with the currently implemented security measures and those we want/have to implement.
  4. Implemented personal data security measures in three areas: organizational, technological, and contractual. On the technology side, remember the measures that GDPR references directly: encryption, backups, confidentiality, and keeping systems operational.
  5. Then, we keep personal data secure in operations by executing the Operations Management Process through IT System Administrators. I personally think this is the most important step in that process.
  6. Finally, at least once a year, or on a major change in the company environment, we review the security of the personal data Information Security Management System.

Generally, we slightly extended the ISO 27001 Information Security Management System with GDPR specifics.