15 May 2018
Here, at Data Management 365, we together with the rest of the world are waiting for one of the most significant events in data privacy protection history to happen soon.
Indeed, next week the GDPR - The European Union General Data Protection Regulation 2016/679 - will be enforced.
The GDPR is being discussed massively and the most important and acute question for every organization that has business in Europe or with EU citizens is if they are truly ready for the new regulations coming.
Of course we posed this question to ourselves, too, and frankly answered it.
The answer is yes, Data Management 365 is ready.
We’ve always set confidentiality and integrity of our clients’ data as one of our main priorities.
According to the GDPR we are required to provide an opportunity to delete or return all the personal data to the controller when a project ends (Art 28 g GDPR). Fortunately, we already have a special tool for data download at all the sites at the end of the study. With DM 365 investigators can easily download the data to keep it and we are ready to delete the data from our side so that we won’t have any access to it.
DM 365 securely stores the data of our European clients in qualified data centers in Europe. The servers are located in Germany.
Generally speaking, we protect our clients all over the world. DM 365 has servers in approved data centers in the USA, Singapore, Russia depending on where our clients are located. All data centers have been assessed and entered into our Approved Vendor List.
The legislation brings in the concepts of pseudonymization and anonymization: one can transfer and manage anonymized data whereas non-anonymized data is subject to protection. DM 365 provides a special tool to facilitate the process of data pseudonymization.
As specified by the GDPR, we appointed a Data Protection Officer to oversee and advise on the data management. Our Data Protection Officer also trains the staff on the GDPR and provides necessary guidance on the related issues.
DM 365 strictly fulfills the agreements with the clients and ensures that data is processed in accordance with the instructions by a data controller.
Finally, we strongly control access to the system as according to Art. 32 GDPR access should be provided to a limited number of authorized users only.
With that, at Data Management 365 we are GDPR compliant and looking forward to the new regulations to come into effect.
Feel free to reach out to us if you have any questions about the GDPR - we would be happy to talk to you about it - firstname.lastname@example.org