Data protection for life sciences and pharma

Our life sciences consultants work at the intersection of data protection and sector-specific regulation. That includes the Clinical Trial Regulation, the Medical Device Regulation, the In Vitro Diagnostic Regulation, Good Clinical Practice, and Good Pharmacovigilance Practices, among others. We help you find workable solutions when applicable frameworks pull in different directions.

Absolutely. Most of our clients have internal privacy or legal teams in place. We work as an extension of that team, stepping in where additional expertise, capacity, or an external perspective is needed. If needed, we can also take up the DPO role

Both. We work with organisations at every stage, whether that means supporting a single project like a DPIA or an CTA review, or building out a full privacy programme over time. There is no minimum scope. We adapt to what you actually need.

For more information on how we handle fully-fledged privacy programmes, please check this page.

Yes. We support clients across the world, working remotely as a default so we can move quickly and efficiently. Where it adds value, our consultants can travel on-site. You get access to deep European privacy and life sciences expertise, wherever you are based.

Yes. Our consultants have hands-on experience with privacy frameworks beyond the GDPR, including HIPAA for US-facing activities and the national requirements that apply in specific markets. Where needed, we work with a network of trusted legal and privacy partners across key jurisdictions. Whether your study spans two countries or ten, you get a coherent framework, not disconnected local advice.

Quickly. We understand that privacy questions in life sciences do not always follow a convenient timeline. When something is urgent, we make it a priority.

Yes. We support the drafting and reviewing of privacy-related aspects of Informed Consent Forms, Clinical Trial Agreements, and other sector-specific documents. We help ensure they are legally sound and aligned with applicable GDPR and regulatory requirements, while remaining clear for the people reading them.

Yes. We provide support with Data Protection Impact Assessments for any activity that may present a high risk to individuals’ rights and freedoms, which is often the case when sensitive data such as health data is processed. This typically includes clinical studies, patient registries, and other research projects. Each assessment is tailored to the specific context, taking into account relevant sector requirements as well as general data protection principles.

Yes. We help structure and review data sharing agreements, data processing agreements, and joint controllership arrangements across complex multi-party setups, including sponsor-CRO relationships and agreements with clinical sites or technology vendors.