New Rules Challenging Data Privacy Retention Processes

Mar 21, 2017

Data privacy and data retention seem to become more complicated by the day in the realm of medical affairs and pharmacovigilance. I am beginning to think that there really is no solution. With the GDPR (General Data Protection Regulation) coming in 2018 followed by Brexit I trust I am not alone in being a little confused.

In recent meetings with an international pharmaceutical company, I was asked about how our systems cover data privacy.  I thought I had a good and complete answer.  I reassured them that we had implemented country specific data privacy.  We could decide if data privacy was enabled and if it was, we would encrypt all personal data in the database.   We could then set a retention period and ensure that any responses would be essentially unrecoverable after the retention period had passed.  We discussed redaction of data and finally through role-based security we could ensure that users of one company unit could not see any contact data or inquiry history of another unit.

But then a small bombshell was dropped.

Could our medical information systems support product-specific data retention?  In other words, could we keep our data privacy retention period for some products, yet ensure all requests and responses for a specific product are retained indefinitely?

I had to ask why.

The response was actually quite enlightening and questions the notion of when data retention is required.   The response was that if certain products are under legal challenge then it would be required that all responses given for that product are retained as they may become part of ruling on that product.  In other words, we have to be able to retain all inquiries and responses for a particular product.

So in the event of a lawsuit how can we see what advice was given to a patient if we do not retain the data?  We decided there was nothing that could be done prior to the lawsuit but agreed to maintain all data post the law suit…hence the need to remove data privacy from individual products.

So data privacy is simply getting more and more complicated.  Good news for the lawyers!

Contact us to learn how ArisGlobal can help your teams succeed.


About ArisGlobal

ArisGlobal is transforming the way today’s most successful Life Sciences companies develop breakthroughs and bring new products to market. Our end-to-end drug development technology platform, LifeSphere®, integrates our proprietary Nava® cognitive computing engine to automate all core functions of the drug development lifecycle. Designed with deep expertise and a long-term perspective that spans more than 30 years, LifeSphere® is a unified platform that boosts efficiency, ensures compliance, delivers actionable insights, and lowers total cost of ownership through multi-tenant SaaS architecture.

Headquartered in the United States, ArisGlobal has regional offices in Europe, India, Japan and China. For more updates, follow ArisGlobal on LinkedIn and Twitter.

Additional Information

Connect with ArisGlobal on LinkedIn:
Follow @Aris_Global on Twitter:


Erika Thomas
+305-726-6601 |