Data Sharing for a Pharma Company

Challenge

We were contacted by an EU-based pharmaceutical company with several subsidiaries in the Balkans region.

For HR purposes, the holding company and its subsidiaries share employee personal data. Besides this, the group shares sensitive personal data including information from medical trials.

The client wanted to be sure these data transfers were compliant with local regulation, as well as with the GDPR.

Solution

All existing data transfers between companies were assessed. The client was provided with Art. 28 Data Sharing Agreement which was signed by all companies involved in cross-border transfers of personal data.

In addition, we updated the existing or drafted new data protection policies for the client: HR Privacy Policy, Data Retention Policy, Data Access Policy, Information Security Policy, and the Data Breach Notification Procedure.

Transfers

All internal and external data transfers were assessed to comply with Articles 44-50 GDPR.

Data Sharing

To clarify controller/processor obligations, an Article 28 Data Sharing Agreement was drafted.

Policies

Set of policies was drafted for this client to complement already existing legal framework.

Data Breach

Data breach notification procedure was created to address the Article 33 GDPR requirements.

Facing similar challenges?




PAGES

Home
About Us
Services
EU-Projects
Resources

SERVICES

GDPR Consulting
DPO On Demand
Risk Management
Privacy Training

PROJECTS

CC-DRIVER
AI4HealthSec
CYRENE
MARVEL
IoT-NGIN

ADDRESS

34, avenue des Champs-Elysées
75008 Paris, France

EMAIL

contact[at]privanova.com

SOCIAL

LinkedIn
Twitter