R&D departments in healthcare organisations have felt a significantly higher impact due to the General Data Protection Regulation (GDPR) than in other sectors, according to GlobalData, a leading data and analytics company.
The company’s latest report: ‘GDPR in the Healthcare Industry’ finds that, whilst most business departments have been affected similarly regardless of which sector the company was operating in, survey respondents from the healthcare industry were almost twice as likely to feel that their R&D had been affected by GDPR.
James Mather, MChem, Pharma Analyst at GlobalData, says: “A total of 41% of healthcare respondents felt that R&D was impacted by GDPR, compared to only 22% of respondents from other industries. This disparity is most likely as a result of R&D departments in healthcare-related organisations dealing with substantially more personal data than their counterparts in other industries.
“R&D is governed by much tighter regulations in healthcare than in other sectors. The clinical development of novel products often involves trials in thousands to tens-of-thousands of individuals in order to gain significant evidence for safety and efficacy. This requirement, which falls before new products can be launched, means that R&D departments within healthcare companies collect enormous amounts of personal data compared to other sectors.
“GDPR brings updates to the legislation that covers the protection of this personal data, including both the collection and processing of this data. These changes place a large burden on clinical trial investigators.”
These findings come from a cross-industry survey conducted by GlobalData which asked 494 GlobalData clients and prospects about their knowledge, preparations and the impact that GDPR has had on there organisations. GlobalData’s report highlights the key challenges faced by healthcare organisations in adapting to the new legislation governing the use of personal data from EU citizens.
“The EU introduced GDPR on May 25, 2018, as an update to the legislation governing use of EU citizen’s personal data. Organisations now face increased fines for failing to take the nessarsary steps to protect personal data, meaning that it is important that they remain as informed as possible over the required steps they must take should they wish to continue with business operations within EU member states,” concludes Mather.