Data Privacy (GDPR)

Ready for GDPR and Data Privacy Regulations?

Data privacy and data security have increasingly become a focus of attention. This is certainly the case in the pharmaceutical and life sciences industries. The reasons: electronic management of health data is on the rise. Companies interact with other bodies of the health service more intensively than ever, while patients as well as third parties such as service providers and suppliers are also involved in the process – the data flow is becoming broader and more complex.

Cases of privacy violations and personal information mismanagement have raised social awareness of the issue.

The demand for protection of personal data – especially in an area as sensitive as health – has led to stricter legislation and tightened control by the regulatory authorities.

Gaps in data privacy and data security may have drastic consequences:

  • Legal sanctions, fines, penalties, class action lawsuits
  • Damage to company image, loss of competitive advantages
  • Prolonged investigation or cessation of international data transfer

It is time to take the right steps.

In May 2018, the GDPR entered into force.

The GDPR (EU General Data Protection Regulation) regulates the identification and protection of the personal data of residents of the European Union.

Companies need to ensure they have a register of all personal data held by the organisation. This register needs to identify which jurisdiction the data is held in, why the company is holding the data, how long the data will be held for, and how the company will either permanently delete the data or provide a full and correct set of all records held on any individual if requested.

Are you aware of where to find personal data in your company, during which processes these are used, who has access, and where the deficiencies are?

A study by Gartner (Bart Willemsen, 30.09.2016) states “By the end of 2018, over 50% of companies affected by the GDPR will not be in full compliance with its requirements.”

Are you one of these companies?

The good news is: 70% of compliance requirements are the same for pharma IT and GDPR!

That means: You don’t have to start from scratch – you can use the base that has already been laid.

As compliance experts in the pharmaceutical industry, we are the right partners for this task. We utilise the fact that many requirements are already satisfied through the active management operations performed in your computer system validation process. We examine what is already in place and embed the GDPR requirements into your existing CSV compliance framework. This way, we achieve the desired compliance status while saving you time and money.

A holistic GDPR Compliance Framework creates transparency and sustainability.

HGP Pharma Compliance offers you a structured GDPR preparation plan that is efficient and quick to implement.

This is what we can do for you:

GDPR 1-day assessment

Our services:

High-level assessment in conjunction with a management workshop to determine your current compliance status with regard to the new GDPR requirements. Identification of the biggest risks and recommendations.


What you get:

An overview of your GDPR status in the form of a management report with the main findings of the assessment.

GDPR in-depth assessment

Our services:

Intensive audit in 1-1 workshops, surveys and interviews. Ascertainment of the GDPR compliance status of selected assets of your organisation.


What you get:

A detailed summary of the risks identified and an action plan.

Privacy impact assessment & data protection through design

Our services:

A PIA template individually tailored to your company. Interviews with the system/project managers, review of plans and documentation to assess the risk to the individual in case personal data are misused.


What you get:

A detailed assessment of your systems / projects in order to identify the main data protection risks and the steps necessary to manage personal information in compliance with GDPR.

Data Protection Officer (DPO) Service

Our services:

We provide the legally required data protection officer for an interim phase. This DPO represents your company before internal and external stakeholders and starts the implementation of your GDPR processes.


What you get:

A DPO with pharma compliance experience for the time period that is convenient to you.

Data Privacy – Key Facts and Solutions

We speak Pharma, just like you.