The GDPR differs Significantly from EC Data Protection Directive 95/ 46

The General Data Protection Regulation (GDPR), which has been codified as Regulation (EU) 2016/679, is a very powerful law regarding the protection of data of the half billion people who live in the European Union (EU). Having come into effect as a result of the European Commission having adapted the proposal for its creation on January 25, 2012; it will replace Directive 95/46/EC, the data protection directive that has been in use in the EU since 1995.

European 023456106501

The GDPR becomes a full-fledged law and is enforceable from 25 May 2018. This is after it goes through a two-year transition period from its adaption date of 27 April 2016.

The GDPR doesn’t require members to endorse it

Just how powerful is this regulation? Well, an idea of its overarching potency can be understood from the fact that it becomes law and will be binding from the date of its enforcement without requiring legislative support from any of the EU members.

Rationale for the creation of the GDPR

The GDPR has been created for the purpose of harmonizing and strengthening all the legislative and secretarial bodies of the EU, namely the European Parliament, the Council of the European Union and the European Commission, and to tighten the various fragmented elements concerning data protection for all individuals within the European Union (EU). The GDPR also governs the export of personal data to regions beyond the EU.

It is being created to serve two important purposes:

  • Equipping EU citizens the power to control their personal data
  • Smoothening the regulatory environment and synchronizing and unifying all regulations concerning data protection regulations across the EU, and lubricating the process of doing global business within the EU.

What benefits does the new legislation offer?

The GDPR has been legislated to offer many advantages:

  • Within the company, Personally Identifiable Information (PII) will be processed with greater ease and clarity
  • The security controls in place till now will be unified and strengthened across all the EU members
  • Its stronger safeguards for data protection inspire greater customer confidence
  • The process of doing business in the EU is now a lot more simplified

What happens when companies fail to comply with the GDPR rules?

The EU mandates strict penalties for companies that fail to comply with the GDPR provisions on data protection provisions on data protection:

  • They have to pay penalties of between two and four percent of their worldwide revenues
  • Fines can go up € 20 million
  • The EU laws can initiate serious and expensive lawsuits
  • All these mean that companies obviously lose face

GDPR 1235416484

These are the reasons for which companies that want to do business in the EU need to have thorough knowledge of this law and the ways in which it applies to them. This is the means to avert the expensive consequences that follow from noncompliance.

 

Proper understanding of the ways in which the GDPR works

Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance, will be offering a clear and thorough understanding of this new legislation at a webinar that it is organizing. Founder of GO DPO® and the Co-Director of the GDPR Transition Programme at Henley Business School and one of the leading data protection practitioners in Europe, Ardi Kolah, will be the speaker at this session.

Want to understand how Ardi will bring the varied and rich experience he has gained over the years into this very important topic? Then, please register for this webinar by visiting Features including a risk-based approach

Ardi will show how important it is for Data Controllers, Joint Data Controllers and Data Processors to address all the points relating to business continuity, risk and technology if they have to achieve the outcomes expected by the Supervisory Authorities and Industry Regulators. He will explain how to use this knowledge to build deeper trust with customers, clients, supporters and employees and a strong reputation.

The following areas will be covered at this webinar:

  • Difference in scope between Directive 95/46/EC and key data protection principles
  • Expanding the definition of personal data and special personal data
  • Enhanced individual Data Protection Rights
  • Key organisational and Personnel Changes
  • Mandatory personal data Breach Reporting
  • Global personal Data Transfers outside of the EEA and co-operation between Supervisory Authorities
  • New financial Penalties and Sanctions
  • Member State laws and the GDPR.

Actions for Noncompliance of cGMPs in the Quality Control Laboratory

Quality controls in laboratories are a major area for which the FDA issues 483’s. A laboratory is the venue for many activities, all of them of varying importance to the product. When controls in laboratories are not up to the standard, such a laboratory could produce products that do not meet quality and processes expectations, and hence invite 483’s.

Quality Control Laboratory 141216186486

 

Issues with drug quality, drug integrity and data integrity, as well as data fabrication and human errors and even behavior towards the FDA inspectors during inspections are some of the reasons for which laboratories get hauled up by the FDA. The inappropriate or incomplete implementation of cGMPs in the Quality Control labs is a major area for which the FDA takes penal actions against them.

Most common areas of noncompliance

These are some of the most common areas in which the FDA is likely to find issues relating to cGMPs in Quality Control laboratories:

  • Out of Specification lab results
  • Laboratory error- improper analysis method, use of incorrect standards, and/or miscalculation of data
  • Operator error or non-process error
  • Fault in the manufacturing process
  • Product failures
  • Laboratory documentation and records
  • Validation of methods
  • Equipment errors
  • Problems with raw materials
  • Lack of in-process controls and specifications
  • Management of the laboratory
  • Unexplained anomalies

Ways of avoiding penal actions

maxresdefault 56897951

From about the 1980’s, the FDA has been targeting Quality Control laboratories ever more stringently. The way of avoiding receipt of 483’s, which could escalate into a Warning Letter if it not addressed properly, is to be aware of all the ways by which to meet the FDA’s requirements of cGMPs in Quality Control laboratories. Some of the steps a QC laboratory needs to take to avoid FDA actions include:

  • Carefully reviewing and analyzing the regulations, inspectional guidance, 483 observations and Warning Letter and internal audit observations and deviations
  • Thoroughly reviewing laboratory practice and procedures
  • Gaining knowledge of the areas the investigators review and the type of observations that are made in other organizations and using this information to ensure that their laboratory operations are improved

Implementing actions based on these is at the root of its strategy for avoiding future observations of non-compliance and the issuance of 483’s from the FDA.

A valuable learning session on implementing these

How do laboratories do all these? How do they implement the correct cGMPs in their Quality Control laboratories, so that they meet the FDA’s compliance requirements? A webinar on this highly relevant and meaningful topic from Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance, will show how.

John Lanese, an independent consultant with a focus on Quality Systems and the components of an effective Quality System and Founder of The Lanese Group, which consults with small and large medical device and pharmaceutical companies, including companies under FDA Consent Decree, API and excipient manufacturers, electronic firms and other manufacturing organizations; will be the speaker.

Please register for this highly valuable session by visiting and learn all that it takes to implement cGMPs in the Quality Control lab and avoid harsh penalties from the FDA, which could set your business back.

A thorough approach to imparting lessons on cGMPs

This is the approach that John will adapt for inculcating the lessons on cGMPs in the Quality Control laboratory:

He will apply one aspect of a proactive approach and review how this approach can be implemented for meeting regulatory requirements. He will then analyze 483 and Warning Letter observations to determine if similar observations that could serve as a benchmark to initiate further preventive actions could be made in the participants’ facility.

John will explain the non-conformances most often cited by the FDA, along with the relevant regulation. He will then show specific observations that relate to the laboratory cited in Warning Letters and FDA 483s. John will use these real life examples to show to participants the ways of analyzing what went wrong. He will explain the systems, procedures and records the laboratory should have in place that would prevent a similar observation. He will also familiarize the participants with several questions that a laboratory manager or an auditor might ask to assure that appropriate systems, procedures and records are in place and are being followed.

quality-control-in-the-medical-laboratory-16-638568541

Key personnel in laboratories, such as Quality Control Laboratory Managers, Quality Control Laboratory Supervisors, Quality Control Analysts, Quality Control Microbiologists, Quality Assurance Managers, and Quality Auditors will gain immense benefits by participating in this webinar. They will be able to critically evaluate key areas in the laboratory operations for compliance and identify areas for improvement after completion of this webinar.

John will cover the following areas at this webinar:

  • System Based Inspection Guidance
  • Laboratory Control System
  • Most common observations in the laboratory
  • 483 and Warning letter observations
  • Analysis of observations
  • Areas for preventive action.

Ways of getting the PREDICT, ACE and the HTS right to smoothen shipping

In September 2014, the FDA deployed a new risk-based screening tool for imports called the Predictive Risk-based Evaluation for Dynamic Import Compliance Targeting (PREDICT). The main aim of PREDICT was bringing about improvement in screening and targeting of adulterated or misbranded goods or those that flout any of the FDA’s rules. The FDA seeks to bring this about by doing away with its legacy electronic system, OASIS’ admissibility screening function.

PREDICT is an important tool that helps entry reviewers target and inspect higher-risk shipments. In parallel, PREDICT also smoothens and accelerates the clearance of any cargo that carries lower risk, so long as accurate and complete data are provided by importers and entry filers.

The new import requirements have now become harsher and effective in unison with the U.S. Customs and Border Protection’s ACE software program. These programs together look for a lot more information from the foreign source of the goods than earlier. Not only are these requirements linked to the FDA’s product codes and U.S. Harmonized Tariff Schedule (HTS); there has to be a match between the information entered on the entry’s commercial or pro forma invoice with the one provided in and entered into PREDICT and ACE software.

bookie-software-program

In the event of even a minor error or mismatch in the software coding information, importers and shippers can expect expensive delays and a possible refusal of the entry. Those who participate in a voluntary Affirmation of Compliance (AOC) are allowed some lenience by the FDA from the strict requirements. Yet, providing accurate information is imperative for aligning and reconciling the information contained in PREDICT, ACE, Invoice and AOC. Any lapse in adhering to any of these procedures or ensuring the accuracy of the data match has major consequences in the form of fines and delays.

It is critical to get all the procedures in the right order

In the nearly three years that the new import entry filing requirements have been in place, users have been facing problems. What happens when the importer is unable to meet the FDA’s and the Customs and Border Protection’s requirements? There are costly delays. When these delays happen, the importer has to turn to the FDA to resolve the problem. This can be tedious. The only really effective antidote to these issues is paying full and proper attention to how to use the two programs and getting their implementation right to a T.

And then, the importer has to also complete the task of linking the FDA’s and U.S. Custom’s software to an importer’s legal requirements by using the correct Harmonized Tariff Schedule (HTS) code. This is a major determinant of how the FDA will apply its requirements. Importing, however, becomes easier if the information on the manifest, invoice and affirmation of compliance are consistent with each other and correct. So, the crucial task for the importer is to get the harmonization of all these right, because apart from marking out a wrong entry as a problem that requires greater scrutiny for data verification; the FDA will also impose fines for filing incorrect entry data in ACE.

Proper guidance on the ways of meeting these requirements

Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance, will be organizing a webinar aimed at helping importers, shippers and others related to these activity get the alignment and matching of the PREDICT, ACE and the HTS right.

index

Casper Uldriks, who owns the firm, Encore Insight LLC and has worked for over 32 years with the FDA or its divisions at various levels, will be the speaker at this webinar. His having developed enforcement actions and participated in the implementation of new statutory requirements over many years has given him sharp insights into the FDA’s way of thinking. If sharing the insights this expert brings into the FDA’s software programs is relevant to you and interests you, please register for this webinar by visiting Software Screening Program

The intention of this webinar is to explain the benefits from the new requirements of the software programs, which help importers to streamline the import documentation and let them check the status of their entry, as well as the communications between an importer or its broker and U.S. Customs.

Casper will cover the following areas at this webinar:

  • FDA’s required information for the PREDICT software screening prior to entry
  • FDA product codes
  • Custom’s required information for the ACE software system prior to entry
  • Custom’s Harmonized Tariff Schedule (HTS)
  • Affirmation of Compliance (AOC).

Understanding and applying ICH Q3A and Q3B

The ICH Q3A and Q3B are guidances on dealing with impurities in new drug products. These documents have been issued by the FDA and are updates of earlier versions on the same topic that were prepared by the ICH, which this FDA guideline complements. This is why the documents get their name. The FDA keeps revising these documents from time to time. After every revision, the latest version carries the added taxonomy of “R” to denote that the guidance is a revised one.

international-analytical-methodology-48-728

The Q3A and the Q3B are two revised guidelines that relate to impurities in drugs. Impurities can happen due to a number of reasons. These are some of them:

  • Raw materials
  • Byproducts
  • Residual solvents
  • Reagents
  • Product reactions
  • Catalysts
  • Foreign impurities
  • Product degradation

The ICH guidelines Q3A and Q3B deal with the ways of addressing organic and anorganic substances, respectively.  They both follow the principles of reporting, identification and qualification of impurities at defined limits. They both exclude impurities arising out of the excipients of drug products.

Scope of Q3A

The scope of the Q3A guideline is limited to testing of impurities in new drug substances. It concerns itself with the content and qualification of chemical substances in new drugs. It is not meant for products derived from herbal, crude, animal or plant, or semi synthetic origin. It is also not for products in the clinical trial stage or for addressing extraneous contaminants, polymorphic forms or enantiomeric impurities.

Scope of Q3B

international-analytical-methodology-57-728

The scope of the Q3B guideline differs in some ways from that of Q3A. It is meant for the content or qualification of degradation products. It excludes products of all the sources that Q3A does, and additionally also excludes impurities arising from excipients or extractables/leachables of the container closure system.

Thorough and full understanding of these guidelines

It is to offer a complete and thorough knowledge of how to apply the Q3A and Q3B guidelines that Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance, will be organizing a webinar. Greg Martin, who is the President of Complectors Consulting (www.complectors.com), which provides consulting and training in the area of Pharmaceutical Analytical Chemistry and served as Director of Pharmaceutical Analytical Chemistry (R&D) for a major Pharma company for a number of years during his over 25 years of experience in the pharmaceutical industry; will be the speaker at this webinar.

To gain clear insights into how these ICH/FDA guidelines apply to your laboratory or area of work, please register for this webinar by visiting Applying ICH Q3A and Q3B for Control

All about the guidelines and regulatory expectations

The objective of this webinar is to provide participants with an understanding of the regulatory expectations for controlling impurities and degradants, including DNA reactive/potential genotoxic impurities, in drug substances and drug products.

Participants who complete this course will be able to:

  • Understand regulatory expectations regarding impurities, degradants and potential genotoxic impurities in pharmaceuticals
  • Understand what specifications will conform to regulatory expectations
  • Develop a process for reporting impurities and addressing OOS situations

Greg will cover the following areas at this webinar:

  • Landscape of impurities requiring control in pharmaceutical products
    • General impurities: elemental impurities, residual solvents, microbiological
    • Drug-related impurities process impurities, degradants, potentially genotoxic impurities
  • Process Impurities
    • Understanding ICH Q3A
    • Where impurities originate
    • How impurities are characterized
    • How specifications are developed
    • How impurities should be reported
  • Degradants
    • Understanding ICH Q3B
    • Where degradants originate
    • How degradants are characterized
      • Potential genotoxic impurities
    • How specifications are developed
    • How degradants should be reported
  • Questions and discussion

How to Comply and how to Protect Privacy

The General Data Protection Regulation (GDPR) –codified as Regulation (EU) 2016/679 – is an important law concerning the protection of data of all people living in the European Union (EU). Through the GDPR regulation; all the legislative and secretarial bodies of the EU, namely the European Parliament, the Council of the European Union and the European Commission, fortify and toughen and unify all aspects of data protection for all individuals within the European Union (EU).

Business, Technology, Internet and network concept. Young businessman showing a word in a virtual tablet of the future: Data protection

Another area that is addressed by the GDPR is the export of personal data to regions outside the EU. The core purposes for which the GDPR is enacted are twofold:

  • Giving control back to citizens and residents over their personal data
  • Simplifying the regulatory environment and bringing about uniformity and unity in data protection regulations across the EU to facilitate the ease of doing global business within the EU.

The GDPR will be the new law without requiring members to endorse it

The GDPR came into effect when the European Commission adapted the proposal for its creation on January 25, 2012. When the GDPR comes into effect and becomes enforceable from 25 May 2018 after a two-year transition period after being adopted on 27 April 2016; it will replace the data protection directive that has been in use in the EU from 1995: Directive 95/46/EC.

The all-powerful nature of this regulation can be gauged from the fact that it does not require legislative support from any of the EU members. It straightaway becomes law and will be directly binding and applicable from the date of its enforcement.

Benefits of the new legislation

EU-GDPR-new-1

The GDPR will come with many advantages:

  • It will offer greater and clearer insight into Personally Identifiable Information (PII) processing within the company
  • It will boost security controls and unify these across the 27 EU members
  • It brings about increased customer confidence, since there are stronger safeguards for data protection
  • It will relax the process of doing business in the EU

Drawbacks of the GDPR for companies that want to do business in the EU

While the primary objective of the GDPR is smoothing the laws for allowing global businesses in the bloc; it comes at a rather expensive price tag: If companies fail to comply with the GDPR provisions on data protection, they end up coughing up two percent of their worldwide revenues in penalties!

These are some of the other pain areas of the GDPR:

  • Provisions stipulate fines of up to € 20 million
  • Inviting a host of complicated lawsuits
  • Loss of reputation
  • A host of liability cases

These facts about the GDPR make it necessary for companies in any line of business that want to gain access to the huge EU market to get a complete and clear grasp of the nuances of this new legislation. This is absolutely necessary if they have to avoid the consequences of noncompliance.

Get to understand the ways of the GDPR

This is the learning that a webinar from Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance, will be offering. Derk Yntema, who has over 15 years of experience in ICT and security-management and has demonstrated capacity to implement innovative security programs that drive awareness towards information security and strengthen organizations and proven knowledge of privacy legislation and helping companies towards privacy compliance, will be the speaker at this session.

To get a full and proper understanding of the GDPR and how it affects your business, please register for this webinar by visiting Security Controls up to level

At this webinar, which will be of very high value to professionals such as Board of Directors, Supervisory Board, CxO’s and Compliance Managers/Officers; Derk will cover the following areas:

  • What is Privacy?
  • How to Protect Privacy
  • What is PII?
  • What is in the GDPR (General Data Protection Regulation)
  • How to Comply.

Sources of contamination that exist in a clean room environment

Aseptic technique is one of the methods used in eliminating or at least minimizing contamination in pathogens. It is also used to make compounding sterile products. Sterilized equipment, sterile apparel, high degree of processing, and cleaning on a continuous basis make up the important procedures used in aseptic technique.

The main aim of aseptic technique in cleanrooms is to ensure that the sterile product is sterile, safe and effective. Ensuring this is all the more important for injections that are administered to patients. Aseptic technique is suited for application in any clinical setting. Infections can be caused when pathogens come into contact with the patient through a number of sources such as equipment, the environment, or the personnel in the cleanroom.

bacteriology-laboratory-organization-36-728

The fact is that any patient is potentially vulnerable to infection. Further, certain conditions such as injuries caused by accident, immune disorders that upset the body’s natural defenses and extensive burns increase the susceptibility of the patient to greater levels of infection. Surgery, urinary catheters, drains and the insertion of intravenous lines are common situations that require the use of aseptic technique.

A learning session on all the areas of aseptic techniques

All the core aspects of aseptic techniques and the ways of applying them in a cleanroom environment will be the topic of a webinar that is being organized by Compliance4All, a leading provider of professional trainings for all the areas of regulatory compliance. The speaker at this webinar is Danielle DeLucy, who owns ASA Training and Consulting, LLC, which provides pharmaceutical and biologics-based companies with training and Quality Systems assistance that helps them meet regulatory compliance.

Please enroll for this webinar by visiting Aseptic Technique and Cleanroom Behavior

Why are cleanrooms built the way they are?

This course will review proper cleaning, gowning and ways to avoid the common sources of contamination that exist in a cleanroom environment. It serves as a good refresher for those personnel that are familiar with the way to properly work in the cleanroom. Danielle will explain the rationale behind designing cleanrooms the way they are and how this design helps in ensuring proper contamination control. She will review some of the proper methods of contamination control, such as cleaning and gowning.

gbhomeslider1

At this webinar, which is of high value to those involved in contamination control, such as aseptic operators, aseptic sample handlers, personnel who work in a Biological Safety Cabinet (BSC) and their management and Quality Assurance counterparts; Danielle will impart the following learning objectives:

  • Definition of Aseptic Processing (AP)
  • Terminal Sterilization vs. AP
  • Proper Personnel Behavior in a Cleanroom
  • Facility Design and how it impacts the product
  • A review of proper environmental monitoring practices and systems used
  • Aseptic Technique &clean room behavior.

How to create processes and procedures to implement them

Product Risk Management is a critical aspect of ensuring medical devices are safe and effective for intended uses. This course will help you understand the regulatory requirements, including ISO14971.

Risk Management 27c1eb1e2dc1b8a3706b072b36cda186

You’ll learn techniques that can help you identify hazards and potential harms. You’ll learn how to mitigate risk and effectively monitor risk to ensure your customers receive safe and effective products. A rigorous risk management process can prevent serious problems and costs for your company.
In this webinar we’ll cover:

  • Overview and Definitions
  • FDA Expectations
  • ISO14971 Regulation
  • Linkages to Design Controls, Production Controls, Investigations, and CAPA
  • Risk Management throughout the product lifecycle
  • Common mistakes
  • Best Practices

Many companies have even experienced class action law suits because of product quality issues. An effective program of risk management can help you proactively identify and mitigate product risks. A good risk management process can help you methodically identify, mitigate, and monitor risk throughout the product life-cycle. By visiting this Management Techniques for Medical Devices

product-life-cycle

Here the areas will be covered by the Susanne Manz

  • Overview of the ISO14971 standard as it applies to medical device companies
  • Integrating the new standard with ISO 13485 as part of your overall QMS
  • Conducting a review of the intended use of your device
  • Stages of Risk Management as well as Tools and Techniques
  • Identifying hazards in your product or production process, and estimating their severity
  • Judging the probability that harm may occur from those hazards
  • How to control those risks and monitor the effectiveness of the controls put in place

Those who will be benefited by the session as listed in the below

  • Design Engineer
  • Manufacturing Engineer
  • Quality Engineer
  • R&D Personnel
  • R&D Project Managers
  • Quality Managers
  • Auditors
  • Regulatory Affairs Specialist
  • R&D Manager

It offers professional trainings for regulatory compliance professionals and offers innovative strategic consulting and advice to a broad range of organizations. These services help them to be compliant with regulatory requirements.

Susanne Manz MBA, MBB, RAC, CQA is an accomplished leader in the medical device industry with emphasis on quality, compliance, and six sigma. She has an extensive background in quality and compliance for medical devices from new product development, to operations, to post-market activities. While at GE, J&J, and Medtronic, Susanne worked in various world-wide roles including Executive Business Consultant, WW Director of Quality Engineering and, Design Quality, and Director of Corporate Compliance. Susanne has a BS in Biomedical Engineering and an MBA from the University of NM.