As experts in the fields of information governance and data protection, we can help ensure that your products and services are designed in a manner that complies with data protection legislation and protects individuals’ privacy and confidentiality. With our vast expertise in supporting organisations in the realm of health research, we also help manage supplier compliance and establish appropriate agreements.
Clinical trials and health-related research more generally often involve the collection of different categories of data, including structured (clinical and non-clinical) and non-structured data (e.g. imaging, interview recordings). To collect this information effectively and securely, sponsors or Clinical Research Organisations (CROs) regularly make use of systems, applications and services provided by third-party suppliers who must follow supplier compliance standards.
Organisations supplying these products or systems need to ensure that privacy by design and default is applied from the development to the deployment stages. Embedding data protection and information governance in their processes is fundamental for these organisations to offer their products and services in such a regulated market.
Our consultancy helps meet supplier compliance requirements, including compliance support to commercial and non-commercial suppliers of systems, applications and services, whether based in the UK or overseas, that wish to make their products or services available to organisations undertaking research adhering to industry standards for compliance monitoring and supplier performance tracking.
If you’re an organisation that cares about your customers, clients, service users or patients’ data, then selecting the right supplier from a data protection perspective is crucial. This is why many organisations instruct us to carry out their data protection due diligence on their behalf. Everyone must always maintain a deal of professional scepticism when dealing with suppliers and the information they tell you about their service or product, as their ultimate goal is the sale.
One recent example for us concerned a client that wished to procure a new system which uses machine learning and artificial intelligence. After starting to carry out the necessary data protection checks (such as verifying where the data was stored, who the data processors were, etc) it became apparent to us that this product was not suitable for the sensitive nature of the data that our client wanted to process. After carrying out our assessment, we also looked at alternatives, including more privacy friendly products that would serve the same purposes. We presented various options to the client and they soon had a system which met all their requirements whilst also respecting the privacy of their customer data.
Our support may include:
We provide a full data protection and information governance consultancy service to all our clients who engage with us. We provide flexible packages and services to make sure that you only pay for what you need, so you aren’t paying for unnecessary services. Whatever you and your organisation need, we are here to help.