Welcome to my blog, which has been designed to keep senior pharmaceutical industry professionals up to date with IT in the pharmaceutical industry. As someone who is passionate about the effective use of IT in pharmaceuticals, I wanted to use this forum to share best practice, discuss common challenges and highlight some of the ways that technology can be used to deliver real commercial value to businesses, as well as addressing key challenges around MHRA / GxP / HIPAA and GDPR compliance.
Tuesday, 1 August 2017
GDPR Compliance for Pharmaceuticals: Just Where is your Confidential Data?
This may sound like an odd question, as I’m sure many of you will be certain you know just where all your confidential and personal data is held. But do you really?
A pharmaceutical company’s data is precious. Not only does it contain personal data like names and contact details of clients and employees, which are governed by the Data Protection Act and forthcoming GDPR legislation, it also likely contains medically confidential details of patient health information. Then there may be clinical trial data, not to mention a wealth of commercially confidential details of contracts, agreements, research, IP and email correspondence.
And the startling reality nowadays is that your business data may well be scattered across the world. Yes, some of it will certainly be residing (hopefully securely) on your in-house servers. But what about the proliferation of company and employee owned portable devices such as laptops, tablets and smartphones which now hold company data and/or emails?
And then there’s data that has been shared with business partners and other third-party organisations. And data that has, for whatever reason, found its way onto file sharing services like Dropbox or USB sticks.
There are also copies of data taken for backup purposes. And do bear in mind this is not just the scheduled backups of your in-house servers, but can include backups that you may not even be aware of, such as automatic cloud backup software installed on employee-owned devices, which is copying confidential company data to an unknown provider’s cloud storage, in an unknown location, unbeknown to anyone.
Then there is the cloud. The cloud has revolutionised the way many businesses store their data, but in doing so has also globalised the way data is stored, with many providers distributing data across servers worldwide in order to optimise costs.
So do you really know where all your data is held? And does it matter?
Well, the more widespread and less controlled your data is, the more vulnerable you leave your business to a security breach. And this has implications on many levels: firstly, it does not demonstrate due care of personal data under GDPR, and that in turn has the potential to lead to massive financial and reputational damage once GDPR comes into force in May 2018. Additionally, uncontrolled data presents a problem from an MHRA inspection standpoint around data security and data integrity. And if that wasn’t bad enough, for those of you based in or doing business in the US, it also raises questions around HIPAA compliance in relation to data integrity, availability and confidentiality. And on a commercial level of course there are also major issues around the need to guard your business’ competitive IP.
So understanding what data you hold, where it is stored and who has access to it is absolutely critical. This in turn needs to be documented, both so that the Board have an understanding of, and control over, their data and to provide documentation for compliance and audit purposes. This not only puts businesses back in control of their valuable data, but minimises the risk of a security breach and takes the first step towards preparing for GDPR compliance.
Over the coming blogs, I will be exploring in more depth some of the key issues around GDPR compliance for pharmaceutical companies. In the meantime, if you are concerned about your business’ GDPR compliance position, please do not hesitate to contact me on 0118 920 9600 or email jstratton@connexion.co.uk, and I will be happy to arrange a no obligation conference call to discuss how Connexion can help.
If you would like to read other articles in our series of informational resources for directors of Pharmaceutical companies, please visit our blog at http://ITinPharma.blogspot.co.uk
-------------------------------------------------------------------------------------------------------------------------
Established in 1994, Connexion Ltd provides IT consultancy, IT services and IT support to mid-size Pharmaceuticals, Clinical Research organisations, Biotechnology and Medical Device companies throughout the UK. Our focus is on delivering IT solutions that create real value to our clients' businesses. Working closely with our customers’ in-house IT Managers, our structured and managed approach to delivering IT is paramount in ensuring our clients can maximise the business advantages technology can offer them, whilst minimising their risks and maintaining regulatory compliance. For more information about our services for pharmaceutical businesses please visit our website http://www.connexion.co.uk/pharmaceuticals/