Scientist.com implementing process to address global requirements ahead of GDPR

By Melissa Fassbender

- Last updated on GMT

(Image: Getty/ilkercelik)
(Image: Getty/ilkercelik)

Related tags European union

Scientist.com is working to implement an improved contractual landscape ahead of GDPR implementation in May, in order to ensure global compliance among sponsors and CROs.

The business to business marketplace for research products and services, partners with large and small pharmaceutical and biotechnology companies and contract research organizations (CROs).

To help both pharma and suppliers ensure compliance, the company is implementing a process to address the General Data Protection Regulation (GDPR). The new set of laws, which go into effect May 25, 2018, is intended to address personal data transfer from the EU to anywhere in the world.

The steps to become globally compliant depend on the individual business, the jurisdictions they are operating in and the source of the personal information shared,”​ said Matt McLoughlin, senior director of compliance at Scientist.com.

As there is no single global regulation regarding privacy​,” McLoughlin told us the company is working with a legal firm to implement an improved, compliant contractual landscape to ensure that the data transfers through its marketplace are protected following GDPR implementation.

Preparing for GDPR implementation 

There are various tasks companies should undertake to ensure they align with the new requirements, McLoughlin explained.

Some of these include conducting a contract landscape review to ensure appropriate obligations are in place, updating policies (especially the privacy and cookie policies), and reviewing marketing processes and procedures, such as collection of consents, McLoughlin explained.

The main challenge faced by organizations is the complexity of the evolving requirements and the various interpretations,”​ he added.

Privacy Shield: Room for improvement

The EU-US and Swiss-US Privacy Shield Frameworks were designed to provide companies with a mechanism to comply with data protection requirements when transferring personal data from the European Union (EU) and Switzerland to the US.

However, the frameworks – which are a part of the much larger GDPR requirements – do not protect the transfer of personal information between other jurisdictions, explained McLoughlin.

The European Commission recently wrote in a press release: "Privacy Shield works well, but there is some room for improving its implementation. The Privacy Shield is not a document lying in a drawer. It's a living arrangement that both the EU and U.S. must actively monitor to ensure we keep guard over our high data protection standards​." 

McLoughlin said, “This active monitoring is vital to ensure the certification is not diminished in the eyes of the individuals it is designed to protect​.”

To improve the framework, Scientist.com suggests that US authorities provide the Department of Commerce more resources, such as personnel to retroactively monitor Privacy Shield certified companies to ensure compliance – “so that only companies who are truly Privacy Shield compliant receive the certification​,” added McLoughlin.

Related news

Show more

Related products

show more

More Data, More Insights, More Progress

More Data, More Insights, More Progress

Content provided by Saama | 04-Mar-2024 | Case Study

The sponsor’s clinical development team needed a flexible solution to quickly visualize patient and site data in a single location

Ultra Low Temperature Packaging solutions

Ultra Low Temperature Packaging solutions

Content provided by Almac Group | 12-Feb-2024 | Case Study

Advanced Therapy Medicinal Products (ATMPs) offer ground-breaking opportunities for treating injuries and disease, in particular for cases of severe, untreatable...

Related suppliers

Follow us

Products

View more

Webinars