The rise of personalised medicine as well as the patient health monitoring device has brought the medical device industry to a new era where the collection of data and/or their analysis is key to the treatment or diagnostic of certain pathologies. Within this process, there are multiple personal information that are collected along the way. These data collected by medical device manufacturers or managed by their subcontractors on their behalf may fall on the scope of the data protection laws.
In fact, the new General Data Protection Regulation (GDPR) that will come into force on 25th May 2018 clearly defines what could be considered as personal data. It also defines the requirements that shall be met by any parties involved either in the processing of personal data or the application of this regulation. It should be noted that personal data encompass, but not limited to, the following: name and surname; home address; email address; identification card number; location data; Internet Protocol (IP) address; cookie ID; advertising identifier of a phone; data held by a hospital or doctor.
Implementing the requirements contained within this GDPR could reveal itself as a cumbersome process if not well planned. Hence, it is advisable for manufacturers of medical devices whose services fall under this regulation to evaluate their capacity to comply with the GDPR requirements. Non conforming to this regulation could have negative impact on company business from lost of customers to close down. In this regard, Medidee could assist medical device manufacturer to: