Regulatory Open Forum

GDPR is related to personal privacy is not the same as cybersecurity, at least from a medical product perspective. It has to do with how an entity uses personal data that is collected for whatever purpose. Its biggest impact is on clinical research and changes in the informed consent process and how data is managed by a sponsor. But, it impacts any entity that does business in the EC an collects any information on a person.

In the US, there are several laws that serve to protect personal data, such as HIPAA, but none so far-reaching and restrictive as GDPR.

------------------------------
Glen Park
Jersey City NJ
United States
------------------------------

Original Message:
Sent: 04-Jul-2018 04:53
From: Yoram Levy
Subject: General Data Protection Regulation GDPR

Hello colleagues

 

Recently the EU came up with the General Data Protection Regulation GDPR.

This is similar to the FDA cybersecurity requirements.

Has anybody responded to this requirements?

 

Thank you,

 

Yoram Levy, Qsite

Israel

 

Yoram

Qsite

Tel (972)4 638 8837 Fax (972)4 638-0510

Cell (972)52 279 2871

 

Yoram,

    I agree with Glen's comment, and would say that GDPR is mainly about privacy rights, and that includes cybersecurity obligations on those who wish to use data from EU citizens outside of the EU.  If you are in Israel, one thing you should know is that, prior to GDPR, Israel was one of around 12 countries that had been determined by the EU to have "adequate protection," meaning that the EU felt Israel's data privacy laws were enough to protect EU citizens data transferred to Israel.    See Adequacy of the protection of personal data in non-EU countries 

Roger

------------------------------
Roger Cepeda, JD, MBA, RAC
MedTech Law LLC
roger@medtech.law
Mobile: 847-421-8361
------------------------------

Original Message:
Sent: 04-Jul-2018 04:53
From: Yoram Levy
Subject: General Data Protection Regulation GDPR

Hello colleagues

 

Recently the EU came up with the General Data Protection Regulation GDPR.

This is similar to the FDA cybersecurity requirements.

Has anybody responded to this requirements?

 

Thank you,

 

Yoram Levy, Qsite

Israel

 

Yoram

Qsite

Tel (972)4 638 8837 Fax (972)4 638-0510

Cell (972)52 279 2871

 

Cybersecurity and  Privacy are somewhat related as Cybersecurity breach may lead to a privacy risk, they may even share  risks in your RMF.
Eventually Cybersecurity is associated with safety risk and GDPR/Privacy is a legal compliance risk.
Anyway, the GDPR came into force in May, so yes, we have completed our gap analysis. 





------------------------------
Adi Michaeli
RA Specialist
Burnaby BC
Canada
------------------------------

Original Message:
Sent: 04-Jul-2018 04:53
From: Yoram Levy
Subject: General Data Protection Regulation GDPR

Hello colleagues

 

Recently the EU came up with the General Data Protection Regulation GDPR.

This is similar to the FDA cybersecurity requirements.

Has anybody responded to this requirements?

 

Thank you,

 

Yoram Levy, Qsite

Israel

 

Yoram

Qsite

Tel (972)4 638 8837 Fax (972)4 638-0510

Cell (972)52 279 2871