EU REPRESENTATIVE UNDER GDPR
FOR SPONSORS WITHOUT A REGISTERED OFFICE IN EU/EEA
EUROPEAN REPRESENTATIVE UNDER GDPR
COMPETENCE | FLEXIBILITY | COST-EFFICIENT
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) came into force in the EU on 25th May 2018 and has since been a driving force for improving data protection standards worldwide. The GDPR was created to protect EU citizens’ personal data. The term ‘personal data’ refers to any information relating to an individual that can be used to identify that individual, either on its own or when combined with other information. Crucially for clinical trials, health and medical data is classed as personal data so it is a requirement to comply with the requirements of the GDPR. Furthermore, under the GDPR, health and medical data is deemed special category data. Although an EU Regulation, many organisations established outside of the EU are still bound by the GDPR’s rules. This is because it applies whenever the personal data of individuals located within the EU is processed, regardless of the organisation’s location. It is referred to as ‘extra territorial scope’.
Therefore, clinical trials run by non-European organisations must comply with the GDPR if any of your trial participants are located within the EU, even if you have no establishment in the EU and even if you are using a European based Contract Research Organisation (CRO). If you do not have an establishment in the EU, as part of complying with the GDPR, you must appoint an EU Representative. Additionally, courtesy of Brexit, since the 1st of January 2021, there is now a separate requirement for organisations that process. A series of actions or steps taken in order to achieve a particular end. The personal data of UK residents, but do not have an establishment in the UK, to appoint a UK Representative. Organisations for which Article 27 applies must appoint an EU Representative to act as a point of contact in the EU for data subjects and supervisory authorities. Your Representative can be a person or an organisation but must be established in one of the EU member states where your trial participants – referred to as data subjects – reside.
EU Representatives have a number of responsibilities:
To cooperate with supervisory authorities
To facilitate communication between your organisation and data subjects
To maintain a Record of Processing Activities (RoPA) for your organisation, in accordance with GDPR Article 30
Ensuring their details are clearly displayed on your privacy notice
Understanding your data flows
Translating and responding to queries from data subjects and supervisory authorities
Logging and reporting data breaches relating to your EU/UK data subjects
Advising on data protection issues that impact your organisation
Contact us now
Twiga Europe, through an highly qualified and acknowledged team of professionals an partners, delivers an uncommon service efficiency and quality. Please do not hesitate to contact us at the addresses below.
- Medical Monitoring for Clinical Trials
- Managing and consulting Life-science companies and start-up
- Promoting and supervising the development of Clinical Trial Technology solutions
- Investment in world-class biomedical science-based companies
- European Legal Representative for Clinical Trials
- European Representative under GDPR
