Today, even language assistants like Alexa and Siri are becoming the target of data privacy topics. The associated challenges are something many companies are already very familiar with. For some time they have been working to ensure maximum transparency about where and which data they store – and who within their organization uses the information and for what purposes. The goal of all these efforts is to adequately implement the EU GDPR and identify, define concrete handling for, and protect the personal data of EU citizens.

Correct Implementation of the GDPR and GMP

Theoretically, companies in the pharmaceutical and life science industry in particular should be among the pioneers in this area. As one of the most strictly regulated industries, they have a lot of experience in the right way to handle sensitive data. Yet, many are still searching for an optimal solution, one that would ensure a GDPR and GMP-compliant handling of business process documents. Although processes and records exist, things always seem to fall apart when it comes to implementing effective measures.

This issue can be quickly remedied by using comprehensive and sustainable Enterprise Records Management (ERM). As a consistent management system for all regulatory measures, ERM creates transparency, e.g. when responsibilities for different regulations are segregated internally: For example, quality management is often only responsible for compliance with regulations related to drugs, while the HR department is only responsible for the secure handling of personal data, without any shared awareness of companywide, consistent evaluation and handling processes for records.

The Success Criteria for ERM Systems

Having all departments on the same page, however, creates synergies that help meet the demands of everyone involved. With the goal of cooperation across departments in mind, there are three success criteria that tend to be important when using an ERM system:

1. Clear definition of the regulatory framework: What needs to be regulated? Which legal bases need to be considered?

2. Clear company guidelines: How will the ERM implementation be realized? What is the executive mission of doing so?

3. Concrete instructions: Which processes, templates and related tools are needed to clearly classify data? This applies to data in both electronic and paper form.

In the end, these and other steps create greater awareness among employees about which data is particularly sensitive and relevant and where such data exists within the company. The ERM, in turn, provides a technological frame of reference. The implementation thereof can provide quick results for process transparency and efficiency if the following steps are considered. 

At a Glance: How to Ensure Successful ERM Implementation

• Define the regulatory frame: Examine all areas of the company, and all locations, using a checklist for relevant business processes. Improve business processes: Examine workflows for gaps and redundancies and modify them accordingly. It is very important to reassure employees about any uncertainties they may have.
• Manage documents centrally: All documents are available in digital form from a central repository. Classify documents: Automatically request the classification of a document as soon as it is created and make this a prerequisite for saving.
• Identify experts: Which staff member enters data that is subject to the regulations? Internal regulatory experts, should be “set up” at those locations.

These and other steps will allow companies in the regulated industry to integrate their custom ERM into their daily business, and use it, with relatively minimal effort. What do you want to bet this will help answering detailed questions about personal data even faster too?