GDPR, or General Data Protection Regulation, is especially relevant to the clinical trial industry. In addition to being HIPAA- and FDA 21 CFR Part 11-compliant, EyeKor is GDPR-compliant and filing for Privacy Shield certification.
These days, no phrase strikes more fear into organizations than “data breach.” To prevent such lapses, the EU just introduced GDPR (General Data Protection Regulation). This set of obligations, which took effect on May 25, 2018, has replaced the 1995 Data Protection Directive (DPD). GDPR’s goal is to protect the personal data of all EU citizens.
Now, any organization that collects or processes personal data from EU individuals needs to comply. If you’re wondering whether GDPR affects organizations based outside of the EU, the answer is often a resounding yes.
Complying with GDPR is no piece of cake. Doing so will likely involve overhauling business processes and technology. Yet, it is not optional. After all, non-compliance can mean steep fines: up to 4% of global revenue or $20 million (whichever is higher).
How is GDPR relevant to EyeKor? Since data is such a key part of clinical trials, data security and privacy are particularly critical in our industry. In fact, GDPR recognizes clinical trial data as a “special” data category.
EyeKor strives to meet the most up-to-date regulatory standards and to protect personal information. Already HIPAA and FDA 21 CFR Part 11 compliant, EyeKor has completed a GDPR readiness assessment for all EyeKor business functions, including the flagship SaaS platform, EXCELSIOR.
We have also filed for the EU-US Privacy Shield certification. Administered by the U.S. International Trade Administration (ITA), this program allows cross-border data transfers from the EU to the US when companies choose to meet the 23 principle requirements regarding the personal data of EU citizens.
Once compliant, EyeKor will be positioned to collect pseudonymized subject data from EU countries, as often required by large, multi-center, global clinical trials.