GDPR and Clinical Trials

Helping You Create a Healthier World While Protecting Data Privacy

The European Union’s (EU) adoption of the General Data Protection Regulation (GDPR) in 2018 resulted in direct effects on the approach, planning and conduct of clinical trials. The sweeping legislation, which is designed to harmonize data privacy laws across Europe, can affect trials in many different ways. Understanding whether and how GDPR impacts your clinical trial is crucial for the protection of your patients and their personal data, as well as the data of all other individuals involved. The GDPR impact may also extend to your company, as significant fines accompany failure to comply with GDPR requirements.

Pharm-Olam’s data protection team delivers peace of mind through our practical and tested solutions, by combining experience in clinical research and knowledge in data protection. Our GDPR consulting and EU representation for GDPR make certain that your trials comply with the applicable regulations.

Additionally, we have a comprehensive, global privacy program designed to respect and protect the personal data we process, including all data processed on your behalf. Our internal privacy program enables us to achieve privacy by design through robust data protections integrated throughout all our processes and technology.

GDPR Services & Consultancy

Protecting Data Privacy. Protecting You.

Pharm-Olam offers GDPR consulting services. We are adept at consulting on GDPR requirements as it relates to clinical trial implementation, regardless of whether you are based in the EU or elsewhere. We work with you to confirm that the data privacy in your trials, as well as your internal business operations, is in place and sustained.

Whether at the study or company level, our GDPR consulting service includes:

GDPR compliance assessment

Implementation plan development

Informed consents

How to word the informed consent form (ICF) to be GDPR-compliant and adjust it to different country requirements

Contract requirements

Which types of contracts are required between different parties depending on their role

Data mapping

Mapping data flows of all data subjects: patients, investigators, CRO and vendor employees, sponsors, etc.

Data transfers

Which safeguards need to be implemented for data transfers

GDPR EU representation

Helping non-EU sponsors comply with GDPR obligations for EU representation, which is different than having an EU legal representative for clinical trials

Privacy notices

Drafting information that needs to be provided to data subjects

Data protection officer (DPO) requirements

Determining if you are required to have a DPO

Data subject rights

Developing internal procedures for handling subject rights and managing data subject rights requests

Data breaches

Developing internal procedures for handling data breaches and managing reported suspected data breaches

Data protection impact assessments (DPIAs)

Developing internal procedures for DPIAs and conducting DPIAs

Security of processing

Ensuring data protection by design is embedded in all systems and projects

Records of processing activities

Maintaining required documentation, where legally required

Training

Staff training and on-site assistance, including updating senior management on GDPR compliance status

Communication

Managing any other relevant communication between data subjects and supervisory authorities on your behalf

Templates

Providing relevant templates

Our 2018 introductory GDPR Webinar

On-Demand Webinar: What is GDPR? And How Does It Impact Clinical Trials

Right before the launch of GDPR, Pharm-Olam held a webinar introducing the concept of GDPR and how it is implemented in the clinical trial setting. You may click the video image to the left to watch this insightful webinar from 2018.

If you would also like to access the latest update on GDPR from experts, then click the button below for our latest update webinar on GDPR implementation - 1 year later.

2019 GDPR Update Webinar

Our 2018 introductory GDPR Webinar

EU Representative for GDPR

The Representation You Need, Done Right

If you are based outside the European Union (EU), then having an EU representative for GDPR is a legal requirement introduced by the GDPR Art. 27. (Please note that this is different than having an EU legal representative for clinical trials.) Pharm-Olam´s EU representative service fulfills all GDPR elements needed within your study, including:

Serving as the contact point for data subjects and supervisory authorities for all issues on processing within the study
Supporting finalization of the data protection section of the relevant study documents, such as master and country versions of ICFs and CTAs, and privacy notices
Mapping the data flow for the study and advising on any relevant agreements between parties as well as safeguards for data transfers
Assisting with developing internal procedures for handling subject rights and data breaches, managing data subject rights requests and reported data breaches

Pharm-Olam Insights

Read our latest insights on GDPR or other interests found on our blog. In addition see our latest news headlines or find out where we will be next at industry conferences.

Learn More

Will Your Next Clinical Trial Be In Compliance With the GDPR?

We can help! Talk with our experts today.

Digital Compliance Conference