By ERT’s Jason Siglasky, Director of Security and Risk Management, Brett A. Hoover, Director of Product Management, Imaging, Veronica Conteras, Data Privacy Officer, Counsel, Eren Tschoepe, Director of Cloud Services, Information Technology (IT).
Problem Statement: How Does ERT Imaging Help Sponsors Stay Compliant?
How does ERT Imaging help Sponsors comply with the General Data Protection Regulation (GDPR) when a clinical trial involves study sites and the collection of imaging data from multiple international geographic locations?
Our Program Ensures Compliance By Infrastructure Design
ERT’s data privacy and security governance program (“Program”) is built around a company culture that appreciates an individual’s right to privacy. The Program applies global standards in the following ways:
- ERT communicates to its employees the cultural importance and awareness of meeting statutory and regulatory data privacy and security requirements;
- ERT has written policies and procedures that address privacy and security obligations;
- ERT has established data privacy and security training and educational programs that promote its privacy and security principles;
- ERT performs ongoing monitoring and review of the Program; and
- ERT makes available Program resources.
Additionally, as part of ERT’s Program requirements, the company has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk. ERT operates global infrastructure designed to provide industry-standard security through the entire information processing lifecycle. This infrastructure is built to provide secure deployment of services, secure storage of data with end-user privacy safeguards, secure communications between services with at least 128-bit Advanced Encryption Standard (AES) encryption, or higher when available, secure and private communication with customers over the Internet via Transport Layer Security (TLS), and safe operation by approved ERT staff.
Our Experience in Data Protection
ERT designed the security of its infrastructure in layers that build upon one another, from the physical security of data centers, to the security protections of our hardware and software, to the processes ERT uses to support operational security. This layered protection creates a strong security foundation for ERT.
ERT supports many global clinical trials for its customers and therefore ensures that any international data transfers that occur outside the European Economic Area and Switzerland adhere to Privacy Shield principles. It’s important to note that currently, GDPR does not require that clinical trials utilize data centers in multiple geographic locations when study sites span multiple continents or countries. ERT supports many studies that took effect after GDPR, and we have not had an issue with utilizing data centers in multiple geographic locations to comply with GDPR.
If a project mandates that ERT must deploy and utilize a data center in a specific geographic location outside of where its current data centers reside, ERT’s cloud-based approach to imaging would be able to accommodate this request, but the request would have to be discussed internally, and additional costs and study setup time may apply.
For additional information about ERT’s Program and how it ensures compliance with GDPR and other data privacy laws and regulations, please review ERT’s Privacy and Integrity Policy, located here: https://www.ert.com/privacy-policy/