Privacy Upheaval – Exploring the Impact of the GDPR on Companies Sponsoring and Managing Global Clinical Research

In May 2018, the new European Union (“EU”) General Data Protection Regulation (“GDPR”) will replace the familiar Data Protection Directive. In addition to significant new penalties, the GDPR requires companies to examine and rethink their data strategies, especially when working with clinical trials. This article discusses key considerations in implementing the GDPR for companies sponsoring and managing clinical trials.

With an ever-abundant list of important compliance requirements to contend with, life sciences compliance officers have no shortage of challenges. And the new year won’t offer any reprieve given the fast-approaching enforcement date for the General Data Protection Regulation (“GDPR”), the European Union’s (“EU’s”) new, comprehensive data protection law. On May 25, 2018, enforcement of the GDPR will begin, and there is much to do between now and then.

The GDPR, which replaces the Data Protection Directive 95/46/EC (“the Directive”), changes the current EU data protection framework in several significant ways. Among other things, the new framework expands the territorial scope for EU data protection obligations, applies those obligations directly to data processors, and broadens the requirements for controllers. The GDPR also includes new, quite severe penalties for non-compliance.