Data Sharing for a Pharma Company
We were contacted by an EU-based pharmaceutical company with several subsidiaries in the Balkans region.
For HR purposes, the holding company and its subsidiaries share employee personal data. Besides this, the group shares sensitive personal data including information from medical trials.
The client wanted to be sure these data transfers were compliant with local regulation, as well as with the GDPR.
All existing data transfers between companies were assessed. The client was provided with Art. 28 Data Sharing Agreement which was signed by all companies involved in cross-border transfers of personal data.
All internal and external data transfers were assessed to comply with Articles 44-50 GDPR.
To clarify controller/processor obligations, an Article 28 Data Sharing Agreement was drafted.
Set of policies was drafted for this client to complement already existing legal framework.
Data breach notification procedure was created to address the Article 33 GDPR requirements.