Skip to main content

Clinical trials; if you are the Sponsor,
you are the Data Controller

June 4, 2018

If you are Data Controller dealing with EU patients’ data you must comply with the EU GDPRegulation

Cf. Art3.2

This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or the monitoring of their behavior as far as their behavior takes place within the Union.”.

1.As Data Controller you must demonstrate accountability by:
2.Following the GDPR principles
3.Allowing subjects to exercise their rights
4.Maintaining records of data processing activities
5.Performing a DPIA (a clinical study is considered critical for the subject’s rights and freedom)
6.Appointing a DPO
7.Appointing an EU Representative
8.Following the rules of transfer

Happy to share experience while at the Bio Convention. Get in touch.

Xavier Gobert, Nicole Renesonnet

If you want to contact us

Contact us