Difference between revisions of "GDPR Impact on Data Collection Practices"

From PHUSE Wiki
Jump to: navigation, search
m (Project Members)
m (Project Activities)
Line 93: Line 93:
= Project Activities =
This section can document project activities or serve as a jumping off point to other pages in the project.
<br />
= Meeting Minutes  =
= Meeting Minutes  =
[https://www.phusewiki.org/wiki/images/f/fd/PhUSE_DI_WG_-_GDPR_subteam_meeting.pptx May 24th 2018 Meeting]
[https://www.phusewiki.org/wiki/images/f/fd/PhUSE_DI_WG_-_GDPR_subteam_meeting.pptx May 24th 2018 Meeting]

Revision as of 11:16, 5 June 2019

Project Overview

In May 2016, the new EU General Data Protection Regulation (GDPR) was released and will become applicable in all member states two years after publication on May 25th, 2018. The GDPR was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organisations across the region approach data privacy. An important requirement from the GDPR is the minimisation of collection of personal data on basis of necessity. There are also examples of countries (e.g. France) that are putting local legislation in place regarding collection of personal information and specifically Date of Birth (e.g. France: day of birth cannot be collect in any trial with an FPI after August 14th 2017 except for children aged 0-2 years). The goal of this project is to share experiences and approaches for collecting date of birth and other personal information in compliance with regulations. For example, the project will explore the impact of collecting minimal expected information on Date of Birth: by only collecting Year of Birth (collected) and Age (collected or derived) for standard clinical trials. The project will create a best practices white paper to summarise experiences and recommendations. As the project progresses, it may also explore other general EU regulations and aspects of the GDPR such as the GDPR implies that subjects should be allowed to have their data deleted after it was collected which seems to conflict with CGPs requirement of the need for an audit trail.

Current Sub-teams

Data Collection and PII

Safeguard and Processes

Data Breach

Project Leads

Name Role Organization E-mail
Jean-Marc Ferran Project Lead Qualiance jean-marc.ferran@phuse.eu
Arlene Coleman Project co-lead Pfizer arlene.coleman@pfizer.com
Sara Pauwels Project Lead JNJ spauwel2@its.jnj.com
Lauren White Project Assistant PhUSE Lauren@phuse.eu

Project Members

Name Role Organization
Andreas Schwalm Participant Industry
Arlene Coleman Participant Pfizer
Ashwini Weber Participant Amgen
Azia Tariq Participant GSK
Barbara Rusin Participant MMS Holdings
Cordula Massion Participant Analytical-Software
Hannah Sharp Participant Gilead
Jennifer Alf Participant Astellas
Jonathan Andrus Participant Clinicalink
Megan Schmidt Participant UCB
Michelle Brooks Participant Alnylam
Mohammad Fayaz Participant Industry
Paul Houston Participant CDISC
Rashmi Dodia Participant MMS Holdings
Renee Entzminger Participant Industry
Rohit Bajaj Participant GCE
Shannon Labout Participant Data Science Solutions
Shital Desai Participant Teradata
Stephen Bamford Participant Janssen Pharmaceuticals

Project Updates


Objectives and Timelines

List proposed project deliverables and timelines.

Objective Timeline
Project Kick Off and Information Sharing 3-6 Months
White Paper 3 Months
PhUSE team follows up on changing regulations regarding to this topic and regularly compares current regulations with best practices TBD

Meeting Minutes

May 24th 2018 Meeting