Essential EU regulations in the medical industry — part I

by Last updated Jul 2, 2020 | Published on Mar 3, 2020Newsletter1 comment

One of our challenges as medical industry professionals is that we need to keep up to date with key changes in our tightly regulated industry.

Even if we’re not responsible for implementing them and guarantee that they’re being implemented in our daily jobs, we need to know what is changing around us, why they’re changing, and how that will affect our work.

In the next issues, I’ll focus on the regulations that are already in force, some that will come into force very soon, and some that are still in the making.


As part of the Data Protection Act 2018, the General Data Protection Regulation (GDPR) came into force on 25 May 2018 and it had the power to upheave a lot of industries—including healthcare and medical.

I remember being at the pharmacy counter in May 2018 when someone asked the technical director if she had already taken measures to ensure that the pharmacy client database was compliant. She turned bright pink and stumbled a bit on her wording, and as a result of that conversation I was appointed as a data protection officer (DPO) — a fancy title that included nagging my colleagues into not leaving the patients’ prescriptions unattended. Good times, eh?

So, why did the European Commission (EC) decided to update the data protection rules?

The new regulation takes into account the increasingly digital world we live in, and is part of the overarching EU data strategy for the near future.

As a medical industry professional, what do you have to know about GDPR?

The main themes for GDPR are: accessibilitysecurity, and consent. In broad terms, every individual has the right to:

  • have access to their data and make it portable
  • know where their data is stored
  • know that storage is secure
  • remove their data from said storage if they so wish

For businesses, this means they must follow new legal formalities and there are increased obligations for anyone who collects and handles personal data in order to provide more protection for individuals.

The new regulation includes a section on the “right to be forgotten”, which is especially relevant for online social networks, but also for any small business that have client files, like physicians’ offices and pharmacies.

I recommend reading the EC Q&A about data protection, and heading over to the EU’s independent data protection authority for more information.


If you work in this industry, it’s impossible to not have heard about medical devices and the new regulation that was coming into force in May 2020, and is now postponed until May 2021 due to the COVID-19 pandemic.

The EU regulation 2017/745 affects all medical devices sold in the EU after May 26th 2021. Here are some key aspects of it:

  • Patient safety: after the PIP scandals there are tighter safety controls for all medical devices, especially implantable ones.
  • Post-market surveillance: the whole lifecycle of the medical device is now considered and periodically evaluated.
  • Transparency: with the creation of the EUDAMED web platform, the general public will have access to information about medical devices.
  • Traceability: the Unique Device Identification (UDI) system will allow the location of any given device at all times.
  • Language: there are 24 official EU languages, and all translations must be ready at the time of technical dossier submission (and not after).

You can read more about the impact of language and the need for translations in this CQ Fluency blog post.

I think we’re still going to hear a lot more about medical devices this year and how to best adapt to them. I find the intersection between medical devices and pharmaceutical/biological products—known as combination products—extremely interesting, and I’ll keep up with developments in the area.


The world is changing and Europe is positioning itself at the forefront of innovation. It is laying the basis for digital growth and improved healthcare and making sure its citizens are safe, healthy, and engaged.

Change always brings some growing pains, and some confusion and frustration are natural. I’m by no means a regulatory expert and many details about the new regulations escape my understanding, but I value some trusted sources to keep me updated.

Resource of the week

There are some amazing people in this industry, whose experience and kindness makes me look up to. We’re all busy people, and I’m always amazed how they can still carve out time to help others.

This week resource is a hidden gem, a LinkedIn article that glimpses into the future of medical writing and that served as inspirations for this series on EU regulations.

I’ve shared it privately with a couple of people and they thought it to be super useful, so now I’ll share it with you too. You’re welcome ?

What I’ve been up to

Last week I wrote a guest blog post about being an English as a second language (ESL) writer for Health Writer Hub. If you’re an ESL writer too, check out some of my tips and advice based on my personal experience.

Other posts you might like:

Blog home

About Diana Ribeiro

About Diana Ribeiro

Diana Ribeiro is a pharmacist and freelance medical writer based in Cascais, Portugal. Before starting her career in medical writing, Diana worked 10+ years in hospital and community pharmacies, where she helped patients and healthcare professionals with drug management and information. Nowadays, she helps pharma, biotech, and meddev companies communicate with their audiences in a clear, accurate, and compelling way. Diana is an active member of the European Medical Writers Association, where she volunteers for the webinar team. You can find more about her on LinkedIn.

1 Comment

  1. Tiago

    Thank you! This is really helpful 🙂


Submit a Comment

Your email address will not be published. Required fields are marked *

Pin It on Pinterest