Data privacy consulting services
Emergo by UL's data privacy team has extensive experience in helping medical device and in-vitro diagnostic manufacturers navigate patient privacy regulatory requirements for global markets. We have in-depth expertise with US and European data privacy requirements and can help you address manufacturer needs for a range of connected devices, including:
- Medical Devices and accessories
- In-vitro Diagnostic (IVD) medical devices and accessories
- Medical Device Data Systems (MDDS)
- Internet of Medical Things (IoMT) devices
- Wellness Devices
- Software as a medical device (SaMD)
Governance and Strategy
- Implement strategies that fit risk profiles and appetites and enable trusted engagements with customers using privacy and cyber security governance frameworks.
- Privacy or Cyber Information Security Officer as a Service (CISOaaS or POaaS): Providing on-demand key management roles giving immediate access to an experienced and credentialed team.
- Privacy and Cybersecurity Assessments: Evaluation of organizational practices, procedures, controls, and systems, providing compliant and practical solutions to promote consumer and regulatory confidence.
- Vendor Management and Third-Party Risk Assessments: Assessment and Continuous Management of Vendors utilizing standards (ISO 27XXX or NIST) to improve your privacy and security posture.
Design and Deployment
Engaging with developers, designers, engineers, and management to include PbD or SbD frameworks into products and services from the start.
- Privacy by Design (PbD): Embed PbD on service/product realization lifecycle to deploy products and services capable of meeting privacy expectations.
- Privacy Impact Assessments: Structured evaluation and corresponding privacy impact of new technologies, products, and services on the management of protected information.
- Security by Design (SbD): Actionable SbD implementation in products and services.
World-class companies would never accept less than best-in-class regulatory and quality services. That’s why Emergo applies the same ethos and rigor to that deployment of privacy and security services, helping companies address compliance with global security and privacy requirements.
Privacy, data protection and security laws are rapidly evolving in the United States and across the world. In the US, in addition to federally enacted legislation, there are hundreds of state-specific security and privacy laws. In the European Union, with the adoption of GDPR, there is a structured and comprehensive approach. Other countries have mimicked the Europe’s GDPR in their privacy approach. Brazil’s Lei Geral de Proteçao de Dados (LGPD) was modeled directly after GDPR and is nearly identical in terms of scope and applicability, with less harsh financial penalties for non-compliance. Australia or South Korea's Personal Information Protection Act, which includes many GDPR-like provisions such as requirements for gaining consent, the scope of applicable data, appointment of a Chief Privacy Officer, and limitation and justification of data retention periods.