implementing process to address global requirements ahead of GDPR

By Melissa Fassbender contact

- Last updated on GMT

(Image: Getty/ilkercelik)
(Image: Getty/ilkercelik)

Related tags: European union is working to implement an improved contractual landscape ahead of GDPR implementation in May, in order to ensure global compliance among sponsors and CROs.

The business to business marketplace for research products and services, partners with large and small pharmaceutical and biotechnology companies and contract research organizations (CROs).

To help both pharma and suppliers ensure compliance, the company is implementing a process to address the General Data Protection Regulation (GDPR). The new set of laws, which go into effect May 25, 2018, is intended to address personal data transfer from the EU to anywhere in the world.

The steps to become globally compliant depend on the individual business, the jurisdictions they are operating in and the source of the personal information shared,”​ said Matt McLoughlin, senior director of compliance at

As there is no single global regulation regarding privacy​,” McLoughlin told us the company is working with a legal firm to implement an improved, compliant contractual landscape to ensure that the data transfers through its marketplace are protected following GDPR implementation.

Preparing for GDPR implementation 

There are various tasks companies should undertake to ensure they align with the new requirements, McLoughlin explained.

Some of these include conducting a contract landscape review to ensure appropriate obligations are in place, updating policies (especially the privacy and cookie policies), and reviewing marketing processes and procedures, such as collection of consents, McLoughlin explained.

The main challenge faced by organizations is the complexity of the evolving requirements and the various interpretations,”​ he added.

Privacy Shield: Room for improvement

The EU-US and Swiss-US Privacy Shield Frameworks were designed to provide companies with a mechanism to comply with data protection requirements when transferring personal data from the European Union (EU) and Switzerland to the US.

However, the frameworks – which are a part of the much larger GDPR requirements – do not protect the transfer of personal information between other jurisdictions, explained McLoughlin.

The European Commission recently wrote in a press release: "Privacy Shield works well, but there is some room for improving its implementation. The Privacy Shield is not a document lying in a drawer. It's a living arrangement that both the EU and U.S. must actively monitor to ensure we keep guard over our high data protection standards​." 

McLoughlin said, “This active monitoring is vital to ensure the certification is not diminished in the eyes of the individuals it is designed to protect​.”

To improve the framework, suggests that US authorities provide the Department of Commerce more resources, such as personnel to retroactively monitor Privacy Shield certified companies to ensure compliance – “so that only companies who are truly Privacy Shield compliant receive the certification​,” added McLoughlin.

Related news

Show more

Related products

show more

Facilities: Lexington, KY USA

Facilities: Lexington, KY USA

Piramal Pharma Solutions | 23-Aug-2021 | Insight Guide

The Piramal Pharma Solutions facility in Lexington, KY USA is a fully integrated site which offers analytical, formulation development, and manufacturing...

Related suppliers

Follow us


View more