A DPIA is required under the GDPR

A Data Protection Impact Assessment (DPIA)


A Data Protection Impact Assessment (DPIA) is a process to help you systematically analyse, identify, and minimise the data protection risks of a particular project or plan. A DPIA is required under the GDPR any time you begin a new project that involves a high risk to data subjects’ personal information and is mandatory for processing health-related data.

The GDPR provides no specific guidance on how a DPIA applies to a pharma company conducting clinical trials. We take a ‘category’ approach to prepare a DPIA, i.e., we assume clinical trials are essentially one processing category and thus do not require individual DPIAs. Instead, we support you by designing a comprehensive DPIA that covers all clinical trials and has input from multiple disciplines within your organisation, including IT, clinical operations, and quality operations. Then we update the DPIA as each new trial comes along.

Our DPIAs contain the following:

  • A systematic description of the nature, scope, context and purposes (legitimate interest) of the processing, including information about the lifecycle of the personal data (Data Mapping).
  • An assessment of necessity and proportionality of the purposes of the processing operations – data protection by default.
  • A review of current Technical and Organisational Measures (TOMs) to protect and assure personal information.
  • Recommendations for improvements to TOMs ensuring data protection is at the heart of the core functionality of processing systems and services – data protection by design.

We partner with you to prepare your DPIA before you begin processing data, ideally before or during the early stages of planning your clinical trial.

We have developed comprehensive screening checklists based on years of pharma industry knowledge and experience applying the GDPR in a pharmaceutical and biotech context. The checklists ensure we address all aspects of the GDPR, overlooking nothing.

A comprehensive DPIA before you start processing data can save your organisation time and money once your clinical trial is underway.

Pharma Data Protection


Helping pharmaceutical and medical device businesses worldwide navigate the interface between pharma and EU data protection.