Supplier Compliance Management

Legally Trained Consultants

Compliance support for suppliers

As experts in the fields of information governance and data protection, we can help ensure that your products and services are designed in a manner that complies with data protection legislation and protects individuals’ privacy and confidentiality. With our vast expertise in supporting organisations in the realm of health research, we also help manage supplier compliance and establish appropriate agreements.

Clinical trials and health-related research more generally often involve the collection of different categories of data, including structured (clinical and non-clinical) and non-structured data (e.g. imaging, interview recordings). To collect this information effectively and securely, sponsors or Clinical Research Organisations (CROs) regularly make use of systems, applications and services provided by third-party suppliers who must follow supplier compliance standards.

Organisations supplying these products or systems need to ensure that privacy by design and default is applied from the development to the deployment stages. Embedding data protection and information governance in their processes is fundamental for these organisations to offer their products and services in such a regulated market.

Our consultancy helps meet supplier compliance requirements. This includes compliance support to commercial and non-commercial suppliers of systems, applications and services, whether based in the UK or overseas, that wish to make their products or services available to organisations undertaking research adhering to industry standards for compliance monitoring and supplier performance tracking.

Project showcase

If you’re an organisation that cares about your customers’, clients’, service users’ or patients’ data, then selecting the right supplier from a data protection perspective is crucial. This is why many organisations instruct us to carry out their data protection due diligence on their behalf. Everyone must always maintain a degree of professional scepticism when dealing with suppliers and the information they tell you about their service or product, as their ultimate goal is the sale.

One recent example for us concerned a client that wished to procure a new system which uses machine learning and artificial intelligence. After starting to carry out the necessary data protection checks (such as verifying where the data was stored, who the data processors were, etc.), it became apparent to us that this product was not suitable for the sensitive nature of the data that our client wanted to process. After carrying out our assessment, we also looked at alternatives, including more privacy-friendly products that would serve the same purposes. We presented various options to the client and they soon had a system which met all their requirements whilst also respecting the privacy of their customer data.

Our support may include:

  • Supporting Supplier Compliance Management by embedding data protection within the development of new products and services, ensuring all supplier compliance standards are met through structured oversight and compliance training programs for both internal and external stakeholders.
  • Drafting Data Protection Impact Assessments (DPIA) to assess risks in the supplier onboarding process, addressing potential compliance issues and ensuring supplier performance aligns with legal requirements.
  • Drafting Data Processing Agreements or Data Sharing Agreements that comply with supply chain management laws and best practices, safeguarding supplier data integrity and compliance status.
  • Advising on pseudonymisation and anonymisation techniques, ensuring non-compliance issues are mitigated while tracking supplier performance to ensure ongoing compliance.

How we can help

We are here to assist:

Our Services

We provide a full data protection and information governance consultancy service to all our clients who engage with us. We provide flexible packages and services to make sure that you only pay for what you need, so you aren’t paying for unnecessary services. Whatever you and your organisation need, we are here to help.

Data Protection Consultancy

Data Protection Officer (DPO) Services

Data Protection Audit

Incident Management

Data Protection Impact Assessment (DPIA)

Data Protection Training

External Independent Reviews

Information Governance Policy Development

Fair Processing Materials

Data Security and Protection Toolkit (DSPT)

Record of Processing Activities (ROPA) & Information Asset Registers (IAR)

Secure Data Environments

Packaged Services

Other Services
