Outsourcing Data Protection. A biotech client’s perspective

The GDPR’s widespread effects touch almost every clinical research, biotech and pharmaceutical business – no matter where they are based or what type of work they are doing.
Here we share with you an interview with one of our US clients, describing their engagement with the GDPR and how outsourcing data protection was the best way for them to solve their security, privacy, and compliance challenges.

The Client

A small biotech company based in San Diego, California, operating for four years. With a core team and business model to fully outsource to consultants, vendors, Clinical Research Organisations (CROs), laboratories etc.

The Challenge

What was your situation, and why were you interested in GDPR compliance?
We were about to kick off a global study involving several European countries. GDPR compliance was something that we still needed to do more on internally, and we knew going into Europe, we would need to be more engaged. We knew we needed to do this. It wasn’t an optional activity. So, we decided to get on it and start.

Did you have any prior knowledge or experience with the GDPR?
Our previous knowledge and experience are in US data protection. Although we’d worked in Europe during the early stages of GDPR implementation, we didn’t understand our organisational obligations regarding GDPR compliance. Our business model is to outsource as much as possible, so our Contract Research Organisation (CRO) at the time handled everything from their end.

However, this time, we knew we needed a long-term solution to address GDPR compliance from our business perspective.

Were you looking for a data protection consultant to help you with GDPR?
We were initially looking for some scientific development advice. We were referred to MWB Consulting by a colleague who had worked with them and was extremely happy with their work.

While working with MWB Consulting, they asked if we’d considered GDPR compliance. They introduced us to their sister company Pharma Data Protection (PDP), and the rest is history.

How did you know Pharma Data Protection was the right consultancy for your company?
We knew we had to get someone onboard that we could rely on, as we needed to learn more about the GDPR. Our lack of knowledge would make shopping around difficult.

We were lucky to have had a positive experience working with MWB Consulting. We knew that if Pharma Data Protection’s team worked the same way, we would be in safe hands and get the needed support.

It is 100 per cent important that we work with a data protection/privacy consulting service with a shared background – pharma experience. The data protection consultants need to know how to apply the GDPR to pharma working practices. Otherwise, you’re talking in different languages.
After talking to the Pharma Data Protection team, it was obvious that they were very knowledgeable and had proven experience in data privacy/protection within the pharmaceutical and biotech sectors. It gave us the added reassurance we needed.

Talk to us about your European clinical trial and GDPR compliance needs

Further collaborations

The team at Pharma Data Protection are now an integral part of our organisation and critical for us to maintain GDPR compliance. They act as our Data Protection Officer.
Therefore, we continue to meet with Pharma Data Protection regularly, so we can share our thoughts and review documents together. Without their time and support, I would struggle to adequately address data protection/privacy.

Having a knowledgeable, experienced pharmaceutical data protection consultancy onboard means that we are always ahead of the curve with compliance updates and issues – something we, as an SME, don’t have time to do ourselves.

Pharma Data Protection are a specialist team who offer industry-focused data protection consultancy, tools, assistance, and expertise to safeguard data subjects’ privacy and ensure EU GDPR and UK GDPR compliance.