The introduction of the DPDPA, 2023 has given various sectors, including pharmaceutical companies, an opportunity to update their operational strategies. Pharmaceutical companies operating within India, whether they manufacture their own products or act as contractual research organizations, are required to change their structures. Companies must focus on managing personally identifiable information (PII) acquired from people, mainly their customer base. The DPDPA, 2023 (hereinafter referred to as the Act) regulates the processing of digital personal data and recognizes the individual's right to privacy and protection of their data, while underlining the necessity of processing and storing sensitive data for lawful purposes. The DPDPA does not override any of the existing sectoral laws but instead supplements them, making it convenient for companies to restructure in accordance with the Act.

Data-Intensive Nature of the Pharmaceutical Sector

The pharmaceutical sector is a highly data-intensive and data-driven sector of the economy. This data ecosystem mainly processes data related to patient health status and the delivery of healthcare services, regularly collected from various databases. These are usually Electronic Health Records (EHRs), health data voluntarily provided by patients and patient-reported outcomes, all of which are usually acquired from various devices, medical claims, medical bills, disease registries, observational studies, social media and patient-powered research groups. Pharmaceutical companies therefore generate and process a plethora of sensitive personal data. This exposes them to privacy and data protection risks in the form of breaches, cyber-attacks, compliance failures, ethical lapses and loss of consumer trust.

Adjustments for Multinational Pharma Companies

Multinational pharma companies that operate in India but are based in foreign nations will need to make certain modifications to their current data privacy programs. For Indian MNC pharma companies operating overseas, an overall review of their current data privacy structure and data protection must be carried out in line with Indian regulatory requirements. Companies must further examine additional requirements under the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), and must invest accordingly to ensure compliance with these regulations.
