Thoughts on the impact of the General Data Protection Regulation?

kreid

Involved In Discussions
#1
What do you Cove-ers think of the General Data Protection Regulation and what are you doing to prepare for it?
 

shimonv

Trusted Information Resource
#2
Hi kreid,
Well, the obvious thing is that we have to abide by it.
The interesting thing is that patient data protection has its own separate regulations in the US and EU markets and that evidence for compliance is not part of the submission process.

I believe the FDA was the pioneer of patient data protection through the HIPAA and HITECH acts, and the rest of the major markets will follow.

From an RA perspective you need to do the best you can not to include patient health information in your device (i.e. information that identifies the patient), but as the digital era and wireless communication expand, it will become more and more of a must to include a set of SOPs, WIs, and forms as part of your QMS in order to protect patient privacy. It's a big deal. I'm doing one myself right now.
There will be a constant challenge to keep up with all the changes and updates with respect to cybersecurity.

Cheers,
Shimon
 

TomaszPuk

Starting to get Involved
#6
Well, we've followed "standard" GDPR/ISO27001 approach. :)
  1. Documented personal data categories - in order to know what personal data we are processing.
  2. Conducted a risk assessment for these categories - to identify personal data security risks. When doing the assessment, remember the CIA properties of information security: Confidentiality, Integrity, Availability.
  3. Prepared the risk treatment plan with the currently implemented security measures and those we want/have to implement.
  4. Implemented personal data security measures in three areas: organizational, technological, and contractual. On the technology side, remember the measures that GDPR references directly: encryption, backups, confidentiality, and keeping systems operational.
  5. Then, we keep personal data secure in operations by having the IT system administrators execute the Operations Management Process. I personally think this is the most important step in that process.
  6. Finally, at least once a year, or on a major change in the company environment, we review the security of the personal data Information Security Management System.

Generally, we slightly extended the ISO 27001 Information Security Management System with GDPR specifics.
 