GDPR representation
for clinical trials

Legal representative and data protection experts Willans Data Protection Services act as Article 27 and UK Representatives for Sponsors based around the world which perform clinical trials in either the UK or Europe.

Sponsors based outside of the EU conducting clinical trials on participants in Europe or the UK must comply with the General Data Protection Regulation (GDPR) in respect of personal data gathered during those trials.

According to current guidelines and case law, this is the case even if the trials are conducted through Clinical Research Organisations (CRO’s) or clinical sites, and the Sponsor does not access the raw personal data, but only receives key-coded data.

We have developed solutions specifically for the clinical sector which provide you with the GDPR clinical trial legal representation you require to be GDPR compliant.

Sponsors who do not have an office or registered address in the EU require an Article 27 EU Representative to fulfil their obligations under GDPR. This is different to the requirement to have an EU Representative for clinical trials.

Now that the UK has left the EU, a UK Representative is needed for clinical trials performed in the UK.

Our associated law firm Willans LLP is also on hand to assist with all your GDPR requirements – reviewing trial participant consent forms, reviewing Data Protection Agreements, updating your privacy governance framework and policies, as well as acting as your outsourced Data Protection Officer (DPO).

Article 27 Representative or UK Representative services: our role

As your Article 27 Representative and/or UK Representative our role includes:

holding your Article 30 Records of data processing activity.

acting on your instructions in relation to data protection matters in the EU or UK.

acting as the first port of call for the local supervisory authorities in relation to compliance action.

receiving requests from individual data subjects in connection with their data protection rights.

once a data subject access request is made, we'll assist you in liaising with the data subject, if required.

We are one of the leading providers of legal representative services for the clinical trials sector. Find out below why Sponsor Organisations trust us with their compliance.

How we can help

We can act as your Article 27 Representative within the EU, and as your UK Representative, if required.

We are headquartered in Dublin, Ireland and have offices in the UK and Switzerland.

We have the capability to provide representative services in other EU member states and the UK if the majority of your data subjects are located there.

We can provide foreign language services.

We can assist you in notifying a data breach within 72 hours to all relevant UK and EU supervisory authorities.

Contact us to act as your GDPR representative

We’re legal and data protection experts who offer solutions to organisations conducting clinical trials.

Find out how we can help.

Why use us for your next clinical trial?

We know your sector

We’re a trusted partner of Clinical Trial Sponsors and Contract Research Organisations (CROs).

We’re familiar with blinding

We will liaise with your CRO to ensure that the Sponsor will never know the identity of a data subject making an DSAR.

We’ve got you covered

No matter the length of your clinical trial, we’ve got flexible terms and swift onboarding processes.


We will alert you immediately to any enquiries you receive.


Telephone support helpline, virtual calls and email access at the touch of a button.

Credible & legal minded

Our GDPR experts handle queries every day and we’ve got legal backgrounds.

We are also members of the world’s largest information privacy organisation.