Clinical Trial GDPR Compliance: Key GDPR considerations often overlooked by non-EEA clinical trial sponsors
When learning anything new, something will inevitably be forgotten or overlooked. And implementing the GDPR for the first time is no exception, especially when we can only draw upon other data protection and data privacy laws with very different compliance requirements. This is where a GDPR compliance consultancy can keep you on track, ensuring nothing slips through the net.
Data protection concerns: Will the UK’s new data protection bill upset the EU-UK adequacy agreement?
In June 2021, the European Commission (EC) granted an ‘adequacy’ decision to the UK – effectively agreeing that UK legislation at the time, the UK GDPR, alongside an amended version of the Data Protection Act 2018 (DPA 2018), offered an equivalent level of data protection to EU citizens in a similar way to the EU GDPR.
Challenges of GDPR compliance for clinical trials spanning multiple international borders – a case study
Clinical trials often occur cross-border, involving sites under different regulatory authorities across multiple countries and continents. In our experience, it can be challenging to understand and comply with the data protection and privacy requirements for clinical trials. There are often differences in local laws and their interpretation relating to the interplay between these regulations and those specific to clinical trials.
The EU GDPR and UK GDPR require organisations to appoint a Data Protection Officer (DPO) if their data processing activities meet specific criteria. The DPO is mandatory for pharma or biotech companies processing health-related information on data subjects in the EU or UK. The DPO’s role and responsibilities are distinct from those of the Data Protection Representative (for companies not established in the EU or UK). The role should not be confused with other roles, such as the legal representative under the Clinical Trials Regulation.
This article explains when to conduct a DPIA, provides an overview of the steps undertaken during a DPIA and how a GDPR compliance consultancy can support you through the process.