Data Privacy, Consent Collection and Management: A Roadmap Toward Full Compliance
Feline Smeenk, Global Compliance Manager
Mar 28, 2019

Imagine losing the ability to engage with your audience because you don’t have documented consent to communicate. This is a situation that businesses are actually facing in response to global data privacy requirements, such as GDPR and a number of regional laws being enacted around the world.

The EU General Data Protection Regulation (GDPR) took effect in May 2018, with new requirements applying to companies that collect, store or use the personal data of EU citizens. Although GDPR is already enforceable law, the new regulation remains top of mind for many data privacy and compliance professionals, who are working hard to meet its demanding and complex requirements.

GDPR was enacted to strengthen the data privacy rights of EU citizens. But what does this mean for countries outside the EU? The short answer is: if your company does any form of business with EU customers, GDPR applies whenever you store, process or share their personal data.

Under GDPR, consent is one of the legal bases for lawfully processing personal data. The regulation sets a high standard for consent and requires that it be freely given, specific, informed and unambiguous. For organizations, the implications include the need to be able to store and manage consent for the use of personal data. This includes the ability to allow individuals to access, modify or withdraw their consent at any time.

The management of consent introduces complexities for organizations, including how to organize the operational processes for ensuring full compliance in an effective and efficient manner. As Life Sciences companies create and refine their systems for GDPR compliance, it is helpful to have a pragmatic framework to develop processes and improvements. The questions below serve as a useful roadmap on the journey toward full compliance.

Have you successfully identified all sensitive data? Data is typically scattered across many systems, IT applications and sources throughout the enterprise. This is especially true for large companies and for companies that have grown through acquisitions. Because of the different roles an EU citizen can play within an organization (clinical trial participant, healthcare professional, partner, employee, supplier, etc.), personal data is unlikely to be confined to a single department or system. Organizations with more diverse IT systems should consider not only data in networked applications but also offline sources such as spreadsheets.

Are you confident that consent was rigorously and properly obtained? After determining what data in your possession falls within the scope of GDPR, you must assess the basis for processing each category of information. If you are relying on consent as the legal basis, you should determine whether that consent meets all requirements set forth by GDPR.

Do data subjects know you are storing their data? When personal data is collected from the individual, a company must provide privacy information at the time the data is obtained. This mandate, often called the right to be informed, covers a key transparency requirement of GDPR. Many organizations have sent privacy policy updates; however, companies must also define triggers and processes for any new contacts with whom the organization has recently engaged.

Have you documented proof of consent? When consent is the legal basis for data processing, the onus is on the company to demonstrate that the data subject has given consent. Guidelines emphasize that consent should be obtained through electronic methods, such as emails or electronic signatures, that provide a clear, demonstrable trail. This is of course not the case with oral agreements or consent given by manually signing a paper document, unless they can be electronically 'loaded' into a platform so they are accessible and modifiable in the future.

Can you easily maintain compliance across your operational ecosystem? Once sensitive data has been identified and, where necessary, consent has been obtained and recorded, the work has only just begun. Personal information about EU citizens may flow into your IT infrastructure every day. To eliminate duplicated effort and ensure compliance, it is advisable to link these systems through interfaces that streamline compliance.

In addition to GDPR, companies should monitor data and e-privacy regulations around the globe. In Asia-Pacific, some countries have specific consolidated laws that address data privacy. Examples include the Act on the Protection of Personal Information (APPI) in Japan, the Personal Information Protection Act (PIPA) in South Korea, and the "EIT Law" in Indonesia. Furthermore, the recent passage of the California Consumer Privacy Act highlights the growing global trend toward data privacy protection.

IQVIA's experts can identify the areas of your business that will be affected by new data privacy requirements and obligations. Through a tailored end-to-end risk assessment, our consultants can evaluate your organization's current practices against GDPR and other requirements, with a focus on process development, best practices and organizational needs. We can then provide a roadmap for success, showing you how to effectively implement and manage the ongoing processes.

To further advance your journey toward full GDPR compliance, our managed services team can support your consent collection through multi-channel campaigns, including email, call center and print mail programs. Finally, we offer IQVIA Consent, an innovative software solution designed to make compliance with global data privacy laws easier. Using a single online platform, internal and external users can provide, modify, withdraw or store a variety of consent types, including consent for disclosure and for email use.

To learn more about IQVIA's solutions, click here.
