Many companies collect the data we generate and use it to their advantage by gaining new insights and making predictions about their customers. Collecting data and using it across a wide range of areas to learn and make decisions refers to the term, “Big Data.” Big Data positively helps companies operate in more efficient ways, but it has also created negative concerns for individuals and their overall privacy due to the rise in cyberattacks, finical scams and data breaches. Because of problems like these, there is an increasing need for regulation on the usage of all this big crazy data.
If people believe a company is not doing enough to protect the information they have been entrusted with, the consumer confidence in that organization is inevitably damaged. The significant mistrust associated with giving personal details to companies has lead individuals to see falsifying personal information as their right to protect their privacy…This is where pseudonymization and new GDPR regulations come in to play, and CliniSpan Health wonders how it could potentially affect data acquisition in clinical studies if the United States adopts similar GDPR regulations.
What is the GDPR Anyways?:
On May 25, 2018, the General Data Protection Regulation came into effect in the European Union. The GDPR is an addition to the European Union’s general policy of protecting citizen’s data, and it is a legal framework that sets guidelines for collecting and processing personal information. This new regulation specifies the rights of individuals and has definitive requirements for companies to follow. Differing from past regulations, the GDPR imposes enormous fines if requirements are not met, which is why many organizations are paying close attention. Just a few of the new requirements are listed below.
- Explicit consent — Clear language and a checkbox must be provided for the data subject to give consent for their personal data to be used beyond the initial reason of collection.
- Data subject rights — The data subject has the right to ask what is done with their information, ask for correction, object to processing, lodge a complaint, or ask for the deletion or transfer of their personal data.
- Lawful and transparent processing — Companies cannot process personal data for any reason other than the legitimate purposes, and data subjects must be informed about their data’s processing activities.
- Notification of hack or breach — The data subject must be informed of the situation within a certain time frame after identifying the hack or breach.
- Appoint data protection officer — This officer would have the responsibility of ensuring that the company complies with the GDPR requirements.
Pseudonymization and the People:
The GDPR requirements will immensely alter how firms examine withheld data because they will be pushed to pseudonymize personally identifiable information. Pseudonymization means to process personal data in a way so that it cannot be traced back to a specific individual without the use of additional information. Because of this, more companies will decrease the amount of information they collect to only the absolute essentials needed. The pseudonymization of personal data will essentially increase consumer confidence and, we the people will be able to regain trust in the organizations we love and rely on.
So now, we ask “If these regulations were enforced in the United States, how could they affect CliniSpan Health, clinical trials and the nonprofits we aim to serve?” In the past, Big Data has improved clinical studies by analyzing vast numbers of medical records and images. That access allowed diseases to be identified early-on and helped develop new medications to keep us healthy. However, some of the information that enabled us to gain such insight would no longer be accessible if the new GDPR is enacted here. Therefore, we question if the clinical trial process and the development of new drugs will take longer or cost even more than it already does. Although we recognize the GDPR has good intentions, we also understand the downfall and complications that companies could face as a result.
To examine how the regulations could affect nonprofit organizations, we look at a test performed by NextAfter. NextAfter tested one of the new GDPR regulations, express consent, to understand the potential impact it could have on a nonprofit. The question they aimed to answer was, “Will asking for express consent on an acquisition offer affect conversions?” After putting this regulation to the test, they found that the GDPR compliant language decreased acquisition rates. NextAfter says a drop in acquisition leads to revenue loss because fewer people would be subscribing to the nonprofit’s email list. As a result, the organization wouldn’t have as large of a file to ask for donations to their cause.
We feel that nonprofits exist in the world of express consent, and therefore, add much greater validation to their email lists. Quality of the list would increase because only users with higher motivation would make it to the end of the acquisition process and donate to the cause, which is great news for CliniSpan Health. That means the email recipients would be more motivated to fundraise for their beloved nonprofit organization by enrolling in one of the clinical trials CliniSpan Health has to offer…and that’s is a win-win for everyone! CliniSpan Health gets to continue serving our communities by fundraising for your favorite nonprofit organizations all while increasing enrollment in clinical trials.
Written By Madeline Robison
Beattie, A. (2018, May 26). General Data Protection Regulation (GDPR). Retrieved from https:// www.investopedia.com/terms/g/general-data-protection-regulation-gdpr.asp
Bhatia, P. (n.d.). 10 key GDPR requirements: A short summary. Retrieved from https://advisera.com/ eugdpracademy/knowledgebase/a-summary-of-10-key-gdpr-requirements/
Bunker, G. (2017, August 07). The GDPR: The Raison D’être behind the new regulation. Retrieved from https://www.itproportal.com/features/the-gdpr-the-raison-dtre-behind-the-new-
Caspio. (2017, November 10). Data Harvesting & How to Prevent it. Retrieved from https:// blog.caspio.com/what-you-need-to-know-about-data-harvesting-and-how-to-prevent-it/
Hill, N. (2018, May 21). What Does GDPR Mean for Online Fundraising? Retrieved from https:// www.nextafter.com/blog/gdpr-online-fundraising/
Jones, D. (2017, November 03). Why The Convergence Of Two Trends Will Alter The Way BusinessesManage Data. Retrieved from https://www.forbes.com/sites/forbestechcouncil/ 2017/08/28/why-the-convergence-of-two-trends-will-alter-the-way-businesses-manage-data/
Marr, B. (n.d.). What is Big Data? A super simple explanation for everyone. Retrieved from https:// www.bernardmarr.com/default.asp?contentID=766
Newcomb, A. (2018, April 4). Facebook says privacy scandal includes records of 87 million people. Retrieved from https://www.nbcnews.com/tech/tech-news/facebook-data-harvesting-scandal- widens-87-million-people-n862771
Wintergerst, D. M. (2018, March 27). Protecting GDPR Personal Data with Pseudonymization. Retrieved from https://www.elastic.co/blog/gdpr-personal-data-pseudonymization-part-1