In the lead-up to regulations on data privacy, have you considered your EDC system data privacy compliance?
Why is EDC system data privacy important? Pharmaceutical companies have been anxiously preparing for the General Data Protection Regulation (GDPR), which is coming into effect this May. In addition to GDPR, there are several clinical trial regulations that require a double check on data privacy and security requirements.
According to a recent survey covered by Clinical Leader, 34 percent of pharma executives noted they will let operational and cost concerns override compliance and data protection regulations.
Many companies rely on third-party vendors for electronic data capture systems. What should companies be taking into consideration when it comes to EDC system data privacy compliance?
Ask your provider the following checklist of questions:
- Is their EDC system GDPR compliant, including the database and audit trails?
- How do they account for the transfer of non-CRF data?
- How do they handle cross-border data flows, particularly in and out of the EU?
- How do they handle access controls?
- Do they have an updated security statement compliant with GDPR and HIPAA?
- Do they have any pertinent certifications such as ISO 27001:2014 or the EU-U.S. Privacy Shield?
- Is there a workflow and quality control process in place for data anonymization?