How to build a successful privacy program

When you think about the activities of your Organization and you try to build a privacy-compliant program from scratch, you first look into the countries where you operate to identify the legal framework that applies to you; but it’s not until you organize and structure your intentions with the program that you can […]
Scientific Research & International Transfers of Data

Recently we’ve seen some developments regarding the rules that apply to international transfers of data. On 4 June 2021, the European Commission issued: Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries; and Implementing Decision (EU) 2021/915 of 4 June 2021 and on […]
My views on the EDPB Guidelines on the Interplay between the application of Article 3 and Chapter V of the GDPR

It is a shame that the EDPB has positioned itself in contradiction to what the EU Commission has stated, in the implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries, or at least it appears to be so at the first instance. According to […]
Are Sponsors of clinical trials required to appoint a DPO?

In order to address this question we need first to understand the requirements for the appointment of a DPO. According to art. 37 of the GDPR, the designation of a DPO is an obligation if: (1) the processing is carried out by a public authority or body (irrespective of what data is being processed), (2) […]
Site Contracts – Controller/Processor…Who is Who?

Determining the roles of the Sponsor, Clinical Trial Site and CRO is important not only to raise appropriate Clinical Trial Agreements but mostly to understand the privacy obligations of each party in the conduct of a Clinical Trial. According to the GDPR, “controller” means the natural or legal person, who, alone or jointly with others, […]
European Healthcare Compliance Program – Seton Hall School of Law – Perceptions and Feedback

This summer, I participated in the European Healthcare Compliance Program held in Paris by the Seton Hall Law University. It was a five-day intensive and comprehensive program that focused on very different areas of Healthcare Compliance, including Privacy. Why did I do it? On one hand I believe that these kinds of programs, which […]
MR-001 in France & Clinical Trials

The French Data Protection Authority (the “CNIL”) issued in July 2018 a new methodology (MR-001) to replace the previous MR-001 from 2016. These methodologies are used to simplify the authorization process for the processing of personal data in France. In line with this, if Controllers in the field of clinical research comply with the requirements […]
Data Protection & Standard Contractual Clauses – two different questions and concerns

In this article I would like to raise two different questions/concerns about the Standard Contractual Clauses (SCCs). One is regarding the need to update them now that the European General Data Protection Regulation (“GDPR”) is in place and the second is about the use of SCCs by Non-EU Controllers. STANDARD CONTRACTUAL CLAUSES UNDER THE GDPR […]
Clinical trials – Joint-Controllership or two independent Controllers?

There’s a huge discussion around the concepts of Controller/Processor in the scope of clinical trials and while it’s unanimous that a CRO is acting as a Processor for the Sponsor, it’s not yet clear how Sponsor and Sites interact and are defined for the purposes of processing personal data in a clinical trial. The 29 […]
Key Privacy Changes implemented by the GDPR

Although the GDPR has been in effect since May 2018, there are still a lot of questions on how GDPR impacts businesses and daily work within an Organization. In line with this, and with the goal to facilitate GDPR understanding, I’ve decided to summarize the most relevant changes in a comparison exercise between the EU Privacy Directive […]