As of May 25, 2018, U.S. sponsors of clinical studies conducted in the European Union must be in compliance with the EU’s new General Data Protection Regulation (“GDPR”) or risk the possibility of significant fines.
U.S. sponsor companies must contend with this new EU regulation and the learning curve will likely be steep—especially as the GDPR requirements contrast sharply with the U.S.’s lack of any meaningful privacy regulation.
Companies found to be in non-compliance with the GDPR risk significant fines – possibly up to 4% of total worldwide annual turnover of the preceding financial year or 20 000 000 EUR, whichever is larger. The GDPR applies to the processing of personal data which includes subjects’ names, addresses, medical information, and more—regardless of whether the processing takes place in the EU or not.
We expect that our clients will be particularly impacted by the provisions related to the stringent, new contractual Informed Consent requirements for terms concerning use of bio specimens.
The GDPR also mandates the appointment of a senior-level Data Protection Officer with expertise in data protection law. This DPO will report directly to a C-suite executive. The law also requires companies to comply with certain processes for data protection and data management.
Contracts Associates is prepared to help your company successfully navigate this new regulatory framework. Our team of attorneys can help minimize the risk of penalties by updating your contracts to ensure that all informed consent language is GDPR-compliant with regard to sample and data usage. We will help your company uphold its legal duties and obligations to EU sites and vendors by drafting new contract template terms as needed. We encourage you to start your GDPR-compliance planning by contacting our office at 781-598-8000 or emailing our CEO, Colleen Sproul, at cms@contractsassociates.com