Interview
Profile of a DPO: Anne-Laurence Pirart
November 26, 2021
Anne-Laurence is data protection manager at MyData-TRUST, since a year now. Working on a daily basis with several organizations of the Life Science sector, she will give you some tips regarding the implementation of the GDPR.
Can you introduce yourself and your career path ?
Hello, I am Anne-Laurence. I graduated as an industrial biochemical engineer, actually in brewing engineer. However, I devoted almost my entire career to the pharmaceutical industry starting with my thesis at Institut Bordet. During my career I have had the opportunity to work in sales, coaching, marketing, medical affairs and finally in clinical studies. I have had a great, enriching path
Some people consider me a chameleon, I prefer to see as a multitasker. Having had the opportunity to work in different areas gives me a broad vision of a company, its needs, and goals.
In three words, how would you describe your diverse experience?
These different experiences often presented themselves to me as a challenge; for example I was asked to transform, a scientist into a salesperson or a product manager into a clinical research specialist.
My career goal was not to get to a top management position at any cost, s I am simply naturally very curious, and able to get interested in new horizons.
What was your favorite part of these multiple jobs?
My different positions all have one thing in common: interacting with people either for direct improvement by responding to customers’ needs, or by helping/coaching teams and support a company in its improvement goals all while, keeping a human approach.
What is the similarity between your previous positions and your current position at MyData-Trust?
The approach to project management is always based on the same philosophy, the understanding of the initial situation, the objective to reach, the planning and the accompaniment of the various actors, regardless of the context whether clinical or commercial.
What would you say are the challenges of this position?
Despite their interest, customers do not measure the importance of the implementation of the GDPR. Companies should conduct an internal assessment of their technology platforms and data architecture to better understand what personal data is collected and where personal data exist. Bring companies to integrate the EU Regulation, GDPR) to the clinical regulation. I would like companies to understand that the two regulations (GDPR and clinical) are companions in the conduct of a clinical trial.
What advice do you give to a pharmaceutical/biotech company regarding GDPR implementation?
Integrate the GDPR at the planning stage of the clinical study, at the very moment the protocol is written. Add to the existing study risk assessments (study, country and site level), the risks associated with data protection. Select service providers that offer technical and organization measures, privacy compliance and a good understanding of the regulation rather than patching because the selection did not consider security and privacy. v Once countries where your clinical study will be conducted are selected, consult your DPO regarding local laws in order to implement and draft your informed consent correctly.
Enlist the support of the QA department to adapt policies and SOPs in order to integrate the GDPR aspect from the start and, as always, train your teams.
And finally, don’t forget that if you have to report a GCP breach regarding patient confidentiality and/or data integrity-availability, to analyze it from a data protection perspective as you may have to report this GCP breach as a personal data breach as well. For companies whether in the European Union or outside the EU, implementing data protection is a difficult and heavy task, but it will allow a company to achieve compliance as the Drug Inspectorate (soon to be competent authority inspector) will ensure that the regulations regarding data protection are respected. Keep in mind that each country’s competent authority inspectors will become more attentive to the protection of personal data.
