Under the GDPR, one of the key requirements is that controllers are required to manage consent with the HCPs that they engage with, at any level now as opposed to acquiring consent “only” for data publishing under the transparency directive. Browsing through industry experts and teams establishing consent management within their organisations, I believe we can plot stages at which most of the pharmaceutical drug and device manufacturers within the EU are placed at, with respect to managing their consent programs.
Here is what it looks like, so far:
Stages depicted in terms of an organization’s process maturity towards capturing, revoking and managing other areas of consent, under the GDPR:
- Stage 0: No consent management program or not required
- Stage 1: In process of establishing SOPs for managing consent. Probably would go for manual process as a start
- Stage 2: Manual / paper-based consent program already implemented and either happy with the current process or working towards an automated vision
- Stage 3: Automated consent management program already implemented and looking ways to improve the process or becoming GDPR compliant
- Stage 4: In process of establishing SOPs / changes towards achieving GDPR compliant automated consent management program with some level of coverage on the regulation expected by May 2018
There might be other stages in the middle. I am sure most of us would love to learn:
- What stage your organisation is currently at? and
- What were some of the major challenges that you faced to get to that stage and would like to share with the rest of the community?