Last Updated on February 16, 2024
The General Data Protection Regulation (GDPR) is a regulation introduced in May 2018, which governs the collection, storage and use of personal data. While GDPR is considered one of the most comprehensive data privacy regulations in the world, there are still some aspects of the regulation that are not well known.
Many people believe that GDPR only applies to organisations based in the EU, but this is not the case. GDPR applies to any organisation that processes the personal data of EU citizens, regardless of where the organisation is located.
GDPR is about protecting personal data
GDPR applies to any information that can be used to identify an individual, including email addresses, telephone numbers, location data and online identifiers such as IP addresses and cookies. This means that organisations need to be mindful of how they use and protect this information.
One of the main principles under GDPR for organisations that process personal data is accountability. Organisations should put in place appropriate technical and organisational measures and be able to demonstrate what they did and how effective it was when requested. In addition to this, transparency is an important principle. Organisations need to be transparent towards people about the personal data they process, before they start processing that personal data. Last but not least, people whose personal data is processed have certain rights, e.g. the right to be informed about what data is being processed and the right to object to the data processing.
GDPR does not ban the transfer of personal data outside the EU, but it does set strict requirements for such transfers. Organisations need to ensure that the data is protected to the same standards as it would be under GDPR, ensuring that appropriate safeguards are in place.
GDPR has a role for data protection officers (DPOs). Organisations that process large quantities of personal data or carry out data processing activities that pose a high risk to people's privacy (e.g. medical data) are required to appoint a DPO. The DPO is responsible for advising the organisation on its GDPR obligations and monitoring its compliance with the regulation.
The maximum fine that can be imposed under GDPR is 4% of an organisation’s global turnover or €20 million, whichever is higher. This is a significant amount and serves as a deterrent for organisations that do not take their data protection responsibilities seriously.
In conclusion, while GDPR is widely known, there are still aspects of the regulation that are not well understood. Organisations must take the time to fully understand their obligations under GDPR and implement the necessary measures to protect personal data.
What can OptInsight do for you?
We offer solutions and services for pharma & life sciences companies with a focus on increasing your reach to healthcare professionals (HCPs).
The OptInsight e-consent and preference management solution allows pharmaceutical companies to manage the collection, storage and use of personal data in a compliant and secure manner. It provides a centralized platform for managing e-consent records (opt-ins AND opt-outs) and preferences, including the mandatory audit trail. It functions as a single source of truth, preventing scattered personal and consent data throughout your company. It also shows the latest consent status and preferences, which allows you to engage with HCPs based on the right data.
Our data protection experts can also advise on how to set up consent management and support you in performing a consent assessment.
With our partner ecosystem, we can also support you in collecting opt-ins (up to 50%) and preferences (an increase of up to 50% in HCP preferences), adding touch points to your customer journey with high-end phone calls, improving the quality of the data collected, creating social media campaigns, building websites and building HCP portals. Are you interested? Have a look at www.opt-insight.com or contact me at email@example.com.