The clock is ticking down to May 25, when the European Union’s new General Data Protection Regulation goes into effect. The GDPR centers around the protection of personally identifiable data — a category that is broader than many people outside the IT and data analytics fields realize — and this sweeping privacy law will reshape the way businesses collect, store and process data under their purview.
For life sciences companies working in a global marketplace, complying with this mandate will take an investment, but it also offers an unprecedented opportunity to consolidate data and develop new benchmarks for business operations involving that data.
The GDPR is important even for those life sciences companies based in the United States. As per the legislation, multinational companies — regardless of where they are based — that do business or have constituents in the E.U. will have to comply.
This new era of personal-data regulation is intended to give consumers more transparency into and control over how their personal data is stored and used. Companies that collect personal data on their constituents will be accountable for the accuracy and security of that data, and will be obligated to destroy it if consent is not obtained or is revoked.
The foundation of the GDPR is enhanced consent verification: Companies have to communicate clearly and receive affirmative confirmation of consent — commonly used methods such as pre-ticked check boxes are no longer sufficient. What’s more, consent must be obtained individually for specific functions; “bundling” consent will not be permitted.
For life sciences companies, one of the greatest challenges of GDPR compliance is the decentralized nature of the industry. Vendors, contractors and others may be granted access to HCP data, and according to the new legislation, life sciences companies can be held responsible for any missteps made by those third parties.
The stakes are high for companies, since running afoul of the GDPR can mean significant financial penalties. However, life sciences companies can be reassured by the following: Those of their partner companies that have already been operating under a compliance-centered paradigm are well-equipped to transition into this new era of oversight that makes personal data security paramount.
Historically, as the existing global online and cloud-based ecosystem for data management grew organically, companies collected personal data in many different ways — event registrations, surveys, social media activity, just to name a few — and for many different purposes. The E.U. has put the business community on notice that this traditional, often scattershot, approach to data management will no longer pass muster. Instead, companies must proactively take a comprehensive inventory of the personal data they keep, and centralize activity pertaining to that vast store of information.
For the life sciences industry, this means seeking out partners that offer a holistic solution to data collection, management and analysis. Rather than working piecemeal across corporate silos and geographical borders with an array of third parties, executives at life sciences companies will need to seek out firms that provide an entire suite of products and services encompassing technology, communication and analytics. More importantly, they will need to seek out firms that have demonstrated a commitment to customer satisfaction.
As with all change, the adoption of the GDPR is likely to cause some growing pains for companies that fail to plan for the significant adaptations compliance will require. The bright side, though, is that life sciences businesses that have seen the writing on the wall and taken steps to partner with firms that can execute 360-degree compliance will reap the benefit of accurate and detailed analytics-ready stakeholder information. Building this type of profile would never be possible if vital facts were spread among multiple partner companies.
What’s more, the opportunity presented by this legislation is likely to yield improvements in efficiencies and allow life sciences companies to leverage economies of scale to their financial benefit. They could reap long-term cost savings by doing away with piecemeal data management and replacing it with a consolidated, comprehensive platform.
As we look into the future, it is entirely possible that the next level of data analytics evolution will have the GDPR to thank.
Frank C. Castora
Sr. Director, Global Solutions Management
Frank joined AHM in 2007 and has been delivering compliance solutions to the Life Science industry for over 10 years. He has delivered solutions for compliance-based Interactions Management and provided expertise on data integration and exchange needs for Aggregate Spend and Disclosure Reporting. Frank is currently responsible for the strategy and product management of AHM’s Global Compliance Solutions platform, CentrisDirect™, and new business intelligence and data analytics solution, CentrisIQ™.