Skip to main content

Last Updated on February 23, 2023

Introduction GDPR.

The General Data Protection Regulation (GDPR) is a regulation introduced in May 2018, which governs the collection, storage and use of personal data. While GDPR is considered one of the most comprehensive data privacy regulations in the world, there are still some aspects of the regulation that are not well known.

Many people believe that GDPR only applies to organizations based in the EU, but this is not the case. GDPR applies to any organization that processes the personal data of EU citizens, regardless of where the organization is located.

GDPR is about protecting personal data  

GDPR applies to any information that can be used to identify an individual, including email address, telephone number, location data and online identifiers such as IP addresses and cookies. This means that organizations need to be mindful of how they use and protect this information.

One of the main principles under GDPR for organization that process personal data is accountability. Organizations should put in place appropriate technical and organizational measures and be able to demonstrate what they did and its effectiveness when requested. In addition to this, transparency is an important principle. Organizations need to be transparent towards people about the personal data they process, before they start the processing of the personal data. Last but not least, people whose personal data is processed have certain rights, e.g. the right to be informed about what data is being processed and the right to object to the data processing.

GDPR does not ban the transfer of personal data outside the EU, but it does set strict requirements for such transfers. Organizations need to ensure that the data is protected with the same standards as it would be under GDPR, assuring that appropriate safeguards are in place.

GDPR has a role for data protection officers (DPOs). Organizations that process large quantities  of personal data or carry out data processing activities that form a high risk for the privacy of people (e.g. medical data), are required to appoint a DPO. The DPO is responsible for advising the organization on its GDPR obligations and monitoring its compliance with the regulation.

The maximum fine that can be imposed under GDPR is 4% of an organization’s global turnover or €20 million, whichever is higher. This is a significant amount and serves as a deterrent for organizations that do not take their data protection responsibilities seriously.


In conclusion, while GDPR is widely known, there are still aspects of the regulation that are not well understood. Organizations must take the time to fully understand their obligations under GDPR and implement the necessary measures to protect personal data

What can OptInsight do for you?

The OptInsight consent management solution allows pharmaceutical companies to manage the collection, storage and use of personal data in a legally compliant and secure manner. It provides a centralized platform for managing consent records that can be customized to meet the specific needs of each company and country.

Schedule a meeting with us.

Tip: involve your colleagues from other departments within your company.
In this way we can instantly answer questions and provide clarity from various points of view.


Product director @ OptInsight

Leave a Reply