GDPR as part of an end-to-end Security Architecture.

IS THIS A COMPLEX SUBJECT?

The fines and other risks are significant enough to prepare your organization for proper compliance. It is certainly not "rocket science", but it helps an organization to know in advance what the challenges will be.
The challenges are clear:

  • translating the legal requirements,
  • aligning the various stakeholders,
  • understanding the respective roles and responsibilities.

GDPR is not only a legal hassle; it also requires hands-on privacy and information security management that impacts both business and IT.

SOME OF THE MOST IMPACTFUL CHANGES FOR LIFE SCIENCES

  • Data can no longer be attributed to a specific individual without the use of additional information, which must be kept separately and protected by safeguards to avoid re-identification.
  • Genetic and biometric data are formally designated as ‘sensitive personal data’.
  • Processing for scientific research or statistical purposes continues to be granted a greater degree of flexibility. However, organizations have an express obligation to put in place appropriate safeguards, when relying on this so-called ‘research exemption’, to protect the rights and freedoms of individuals.
  • Organizations must conduct a ‘Data Protection Impact Assessment’ (DPIA) prior to any new processing of sensitive personal data on a large scale.
  • Organizations will need to adopt a documented compliance program to enable them to demonstrate how they comply with data protection law.
In close collaboration with Cronos Security, we assist you in the process of becoming compliant with GDPR. We start by conducting an assessment at the legal, business and IT level to define the gap and the approach needed to close it.

Don't hesitate to invite us for a private session to explain GDPR further, or let us know if you want to attend one of the next seminars.

Get in touch