Difference between revisions of "GDPR Impact on Data Collection Practices"

From PHUSE Wiki
Jump to: navigation, search
m (Project Activities)
m (Project Members)
 
(9 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
{{RightTOC}}
 
{{RightTOC}}
 
= Project Overview =
 
= Project Overview =
In May 2016, the new EU General Data Protection Regulation (GDPR) was released and will become applicable in all member states two years after publication on May 25th, 2018. The GDPR was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organisations across the region approach data privacy. An important requirement from the GDPR is the minimisation of collection of personal data on basis of necessity. There are also examples of countries (e.g. France) that are putting local legislation in place regarding collection of personal information and specifically Date of Birth (e.g. France: day of birth cannot be collect in any trial with an FPI after August 14th 2017 except for children aged 0-2 years). The goal of this project is to share experiences and approaches for collecting date of birth and other personal information in compliance with regulations. For example, the project will explore the impact of collecting minimal expected information on Date of Birth: by only collecting Year of Birth (collected) and Age (collected or derived) for standard clinical trials. The project will create a best practices white paper to summarise experiences and recommendations. As the project progresses, it may also explore other general EU regulations and aspects of the GDPR such as the GDPR implies that subjects should be allowed to have their data deleted after it was collected which seems to conflict with CGPs requirement of the need for an audit trail.
+
In May 2016, the new EU General Data Protection Regulation (GDPR) was released and will become applicable in all member states two years after publication on May 25th, 2018. The GDPR was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organisations across the region approach data privacy. An important requirement from the GDPR is the minimisation of collection of personal data on basis of necessity. There are also examples of countries (e.g. France) that are putting local legislation in place regarding collection of personal information and specifically Date of Birth (e.g. France: day of birth should not be collect in any trial with an FPI after August 14th 2017 except for children aged 0-2 years). The goal of this project is to share experiences and approaches for collecting date of birth and other personal information in compliance with regulations. For example, the project will explore the impact of collecting minimal expected information on Date of Birth: by only collecting Year of Birth (collected) and Age (collected or derived) for standard clinical trials. The project will create a best practices white paper to summarise experiences and recommendations. As the project progresses, it may also explore other general EU regulations and aspects of the GDPR such as the GDPR implies that subjects should be allowed to have their data deleted after it was collected which seems to conflict with CGPs requirement of the need for an audit trail.
 
<br>
 
<br>
 
<br>
 
<br>
Line 19: Line 19:
 
|-
 
|-
 
| Name || Role || Organization || E-mail
 
| Name || Role || Organization || E-mail
|-
 
|Jean-Marc Ferran || Project Lead || Qualiance || jean-marc.ferran@phuse.eu
 
 
|-
 
|-
 
|Arlene Coleman || Project co-lead || Pfizer || arlene.coleman@pfizer.com
 
|Arlene Coleman || Project co-lead || Pfizer || arlene.coleman@pfizer.com
 
|-
 
|-
|Sara Pauwels || Project Lead || JNJ || spauwel2@its.jnj.com
+
|Liz Roberts || Project Lead || UCB || Liz.Roberts@ucb.com
 
|-
 
|-
|Lauren White || Project Assistant || PhUSE || Lauren@phuse.eu
+
|Lauren White || Project Assistant || PHUSE || Lauren@phuse.eu
 
|-
 
|-
 
|}
 
|}
Line 45: Line 43:
 
|-
 
|-
 
|Barbara Rusin || Participant || MMS Holdings  
 
|Barbara Rusin || Participant || MMS Holdings  
 +
|-
 +
|Benjamin Shim || Participant || Eli Lilly
 
|-
 
|-
 
|Cordula Massion || Participant || Analytical-Software  
 
|Cordula Massion || Participant || Analytical-Software  
Line 53: Line 53:
 
|-
 
|-
 
|Jonathan Andrus|| Participant || Clinicalink  
 
|Jonathan Andrus|| Participant || Clinicalink  
 +
|-
 +
|Lilly Llorens || Participant || MGP Online
 +
|-
 +
| Mats Knutsson || Participant || Microfocus
 
|-
 
|-
 
|Megan Schmidt || Participant || UCB   
 
|Megan Schmidt || Participant || UCB   
 
|-
 
|-
 
|Michelle Brooks || Participant || Alnylam
 
|Michelle Brooks || Participant || Alnylam
|-
 
|Mohammad Fayaz|| Participant || Industry
 
 
|-
 
|-
 
|Paul Houston || Participant || CDISC  
 
|Paul Houston || Participant || CDISC  
Line 90: Line 92:
 
|White Paper || 3 Months
 
|White Paper || 3 Months
 
|-
 
|-
|PhUSE team follows up on changing regulations regarding to this topic and regularly compares current regulations with best practices || TBD
+
|PHUSE team follows up on changing regulations regarding to this topic and regularly compares current regulations with best practices || TBD
 
|-
 
|-
 
|}
 
|}

Latest revision as of 05:43, 7 July 2020


Project Overview

In May 2016, the new EU General Data Protection Regulation (GDPR) was released and will become applicable in all member states two years after publication on May 25th, 2018. The GDPR was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organisations across the region approach data privacy. An important requirement from the GDPR is the minimisation of collection of personal data on basis of necessity. There are also examples of countries (e.g. France) that are putting local legislation in place regarding collection of personal information and specifically Date of Birth (e.g. France: day of birth should not be collect in any trial with an FPI after August 14th 2017 except for children aged 0-2 years). The goal of this project is to share experiences and approaches for collecting date of birth and other personal information in compliance with regulations. For example, the project will explore the impact of collecting minimal expected information on Date of Birth: by only collecting Year of Birth (collected) and Age (collected or derived) for standard clinical trials. The project will create a best practices white paper to summarise experiences and recommendations. As the project progresses, it may also explore other general EU regulations and aspects of the GDPR such as the GDPR implies that subjects should be allowed to have their data deleted after it was collected which seems to conflict with CGPs requirement of the need for an audit trail.

Current Sub-teams

Data Collection and PII

Safeguard and Processes

Data Breach

Project Leads

Name Role Organization E-mail
Arlene Coleman Project co-lead Pfizer arlene.coleman@pfizer.com
Liz Roberts Project Lead UCB Liz.Roberts@ucb.com
Lauren White Project Assistant PHUSE Lauren@phuse.eu

Project Members

Name Role Organization
Andreas Schwalm Participant Industry
Arlene Coleman Participant Pfizer
Ashwini Weber Participant Amgen
Azia Tariq Participant GSK
Barbara Rusin Participant MMS Holdings
Benjamin Shim Participant Eli Lilly
Cordula Massion Participant Analytical-Software
Hannah Sharp Participant Gilead
Jennifer Alf Participant Astellas
Jonathan Andrus Participant Clinicalink
Lilly Llorens Participant MGP Online
Mats Knutsson Participant Microfocus
Megan Schmidt Participant UCB
Michelle Brooks Participant Alnylam
Paul Houston Participant CDISC
Rashmi Dodia Participant MMS Holdings
Renee Entzminger Participant Industry
Rohit Bajaj Participant GCE
Shannon Labout Participant Data Science Solutions
Shital Desai Participant Teradata
Stephen Bamford Participant Janssen Pharmaceuticals

Project Updates

CURRENTLY LOOKING FOR VOLUNTEERS. IF YOU ARE INTERESTED IN JOINING THIS PROJECT PLEASE CONTACT Jean-Marc Ferran - Jean-Marc.Ferran@phuse.eu or Lauren White - lauren@phuse.eu

Objectives and Timelines

List proposed project deliverables and timelines.

Objective Timeline
Project Kick Off and Information Sharing 3-6 Months
White Paper 3 Months
PHUSE team follows up on changing regulations regarding to this topic and regularly compares current regulations with best practices TBD

Meeting Minutes


May 24th 2018 Meeting