Life Science Data Privacy Management
The European Clinical Trials Directives 2001/20/EC and 2001/83/EC require that for all Clinical Trials (CT) carried out in the EU, a sponsor or a legal representative of the sponsor must be legally registered within the European Economic Area. We offer full legal and technical representation to sponsors not established within the EU and Switzerland, as required by EU Regulation.
EU GDPR requires non-EU companies operating in the EU who control or process sensitive personal data (such as medical data and clinical trials) to appoint an EU representative who will act as a Point of Contact for requests by the Supervisory Authorities (SA) or Data Subjects, and who will represent the Controller or Processor regarding their obligations under the GDPR.
The GDPR also requires that a Data Protection officer (DPO) be appointed. Organisations must also abide by all applicable national/member state Clinical Trial and Data Protection regulations. And, to demonstrate compliance, organisations must also show that adequate measures and safeguards are in place - technical, legal, administrative etc. So, in addition to representation, you will require an appropriate internal Data Privacy Framework and an associated Data Protection Impact Assessment (DPIA).
ID offers legal, technical and administrative expertise for Data Privacy Frameworks, DPIAs and Policy Governance as well as EU Representation and DPO services.
ID Data Protection Officers are experienced and accredited data privacy professionals. They also have substantial experience in Cyber Security and data related fields. ID DPOs are also supported by ID's professional Legal team.
ID's DPOs are helping organisations across the UK to implement the best procedures for Data Privacy Management. They operate in a variety of industry sectors including aviation, education, retail and clinical regulatory.
ID is implementing hundreds of privacy policies and training thousands of employees in several countries. We are also helping clients to respond to data breaches as well as manage SARs and Third Party compliance.