GDPR - General Data Protection Regulation (EU and UK 2018)

Trebor123

Involved In Discussions
#1
The EU General Data Protection Regulation (GDPR)

All kicking off 2018


How many UK and EU Quality staff are getting involved at company level, have you nominated a DPO (Data protection officer/person), difficult for small companies?

any thoughts?

Any good training companies in the UK?

any recommendations

many thanks


:bigwave:
 

pkost

Trusted Information Resource
#2
We're a small company so I get involved in most things. If you are in medical devices, the new ISO standard makes reference to data protection, therefore quality people in the MD world are likely to be pulled in.

We already have a DPO; we haven't been on any training.

I'm curious about our obligations to inform data subjects when we obtain their data through sources other than themselves...does anyone have any insight on this?
 

Trebor123

Involved In Discussions
#3
Hi

Yes, I am just reading the implications.

What annoys me is that the UK has always had time scales to hold data, say 3, 4, 7, 40 and 100 years and so on for accident, HR etc.

So if an individual wants to claim, under the new regulation a company may have deleted their information, therefore there will be no defence,

leaving the company wide open to the claim as it cannot say yes, no or indifferent.

There is nothing joined up about the GDPR and the EU are NUTS...

Yet another Regulation that the rest of Europe will probably ignore!
 

Ian_Morris

Involved In Discussions
#4
Hi,

We have been looking at the GDPR for a little time now.

For training there are many organisations out there but two providers worth looking at would be IT Governance and PDP training. I have experience or have been told by trusted colleagues that these guys are very good.

The impact on your organisation will depend very much on what your business is and who your customer and contact base is.

If you are B2B manufacturing, it is likely that the only impact you will have will be your employee data, however if you are B2C or do any form of direct marketing / website sales or similar then there will be implications.

As Trebor123 said, one of the biggest hurdles will be the right to be forgotten and justifying data retention times, when there is no statutory requirement to hold data, as the time limits for holding data are set as 5 years when the Limitation Act sets 6, 12 or even 15 years for bringing claims against a company, and that is before you look at some of the timelines for H&S health monitoring claims.

It is going to be fun over the next few years whilst we get to grips with the requirements and implementation of systems and technology to cope with the changes in the requirements.
 

Trebor123

Involved In Discussions
#5
Ian

many thanks

yes agree !!

maybe time to retire !! lol we wish..

if you have any contacts or other good sites etc

please drop me a PM

Regards
 
#7
I am doing an excellent free online course at the moment run by Groningen University. As you would expect the English is very European but it is generally understandable. Also since our government is pretty well translating the GDPR regs straight into UK legislation wholesale to prevent problems with not being on approved data lists after Brexit, there are no significant gaps.

I can't add a link as this is my first post, but it is via Future Learn and Groningen University and the name of the course is Understanding the General Data Protection Regulation

I hope this helps someone.
 

Ian_Morris

Involved In Discussions
#8
Sorry for the delay in responding - I didn't see the response asking for guidance or support.
Bearing in mind this is UK centric, the Information Commissioner's Office (ICO) has some great guidance documents and checklists that would generally be suitable for all.

The other source that I go to is YouTube - especially anything from IT Governance. Search for GDPR and there will be loads of free stuff available there.

A few things to watch out for specifically:

There are a lot of people trying to make a lot of money from GDPR so beware that you don't get ripped off and get poor information. Anyone focussing on the doom and gloom of the fines I would be especially aware of.

Article 30 - record of all processing activities

Direct marketing - this also includes elements of the Privacy and Electronic Communications Regulations (again there is some really useful stuff on the ICO website)

Home | ICO is the home website for the ICO
 