Sponsors based outside of the EU conducting clinical trials on participants in Europe or the UK must comply with the General Data Protection Regulation (GDPR) in respect of personal data gathered during those trials.
According to current guidelines and case law, this is the case even if the trials are conducted through Clinical Research Organisations (CRO’s) or clinical sites, and the Sponsor does not access the raw personal data, but only receives key-coded data.
We have developed solutions specifically for the clinical sector which provide you with the GDPR clinical trial legal representation you require to be GDPR compliant.
Sponsors who do not have an office or registered address in the EU require an Article 27 EU Representative to fulfil their obligations under GDPR. This is different to the requirement to have an EU Representative for clinical trials.
Once the UK leaves the EU on 1 January 2021, a UK Representative will be needed for clinical trials performed in the UK.
Our associated law firm Willans LLP is also on hand to assist with all your GDPR requirements – reviewing trial participant consent forms, reviewing Data Protection Agreements, updating your privacy governance framework and policies, as well as acting as your outsourced Data Protection Officer (DPO).
As your Article 27 Representative and/or UK Representative our role includes:
holding your Article 30 Records of data processing activity.
acting on your instructions in relation to data protection matters in the EU or UK.
acting as the first port of call for the local supervisory authorities in relation to compliance action.
receiving requests from individual data subjects in connection with their data protection rights.
once a data subject access request is made, we'll assist you in liaising with the data subject, if required.
We can act as your Article 27 Representative within the EU, and as your UK Representative, if required.
We are headquartered in Dublin, Ireland and have offices in the UK and Switzerland.
We have the capability to provide representative services in other EU member states and the UK if the majority of your data subjects are located there.
We can provide foreign language services.
We can assist you in notifying a data breach within 72 hours to all relevant UK and EU supervisory authorities.