Data Protection Officer
Our Data Protection Officer service at Pharma Data Protection gives you the peace of mind that your company’s data protection and regulatory compliance requirements are in reliable, experienced hands. Our specialist team ensures you meet every aspect of your DPO responsibilities.
The GDPR requires many organisations that process people’s private information to appoint someone to oversee GDPR compliance. The Data Protection Officer (DPO) role is mandatory for pharma companies that process health-related information on data subjects. It plays a significant role in your company’s data protection and regulatory compliance. In the pharmaceutical or biotechnology sectors, it is vital that your DPO possesses not only knowledge of data protection law in Europe but also the wider knowledge and expertise of what pharma does.
The DPO can be an employee, but they must be sufficiently independent so that conflicts do not arise between roles and responsibilities. However, pharmaceutical SMEs may find it challenging to deliver the DPO responsibilities, given the breadth of knowledge required in data processing and data security operations and experience in applying the legal aspects of the GDPR.
Our comprehensive DPO service can help you meet your data protection and regulatory compliance requirements and DPO responsibilities offering the following benefits to your research organisation:
- Helping you create a culture of data protection, keeping your organisation and employees up to date on your obligations under the GDPR and any other applicable EU member state or UK data protection provisions.
- Managing your GDPR compliance action plan and monitoring your organisation’s compliance with the GDPR.
- Training your staff on GDPR compliance, performing audits and maintaining regulatory records.
- Acting as your point of contact with the data protection supervisory authorities.
- Helping you perform Data Protection Impact Assessments (DPIAs).
- Supporting you creating, updating and reviewing mandatory data protection documentation (including policies and procedural documents).
- Advising you on Data Subject Access Requests (DSARs), data breach monitoring, management, and reporting.
Supported by our team of experts, Pharma Data Protection’s DPO service is delivered to multiple clients, allowing us to draw on good practice from our whole client base to help your organisation.
We provide objective, independent advice and an extra layer of accountability and support to your organisation – an indication to the regulatory authorities of your commitment to transparency and legal responsibility.
Data Protection Representative (DPR)
Non-EEA-based sponsors who don’t have a physical presence in the UK or EU member state in which they are conducting a clinical trial and therefore processing special categories of data must appoint an Data Protection Representative. This Representative is the local point of contact for EU or UK data subjects and the data protection supervisory authorities on all data protection issues. They are quite often a legal or privacy expert. The role is not the same as that of the Data Protection Officer.
Pharma Data Protection cannot provide the EU Data representative role and that of the Data Protection Officer as they are potentially in conflict. However, we can refer you to a company that offers a Representative service across the EEA and UK.