Skip to main content

Interplay between Data Privacy - GDPR and Good Clinical Practices

Interplay between Data Privacy - GDPR and Good Clinical Practices

December 3, 2021
07:00 PDT | 10:00 EDT | 16:00 CET | 19:30 IST


As Clinical data managers, we work in a regulated industry and we are a key element in the compliance process of our organisations to the regulations and guidelines in place. In addition to Clinical Good Practices (i.e. ICH E6) and other ICH guidelines, most countries in Europe have adopted data privacy laws since many years, and in May 2018, the General Data Protection Regulation (GDPR) came into force in the European Union. 12 other countries outside Europe have privacy laws in adequation with GDPR and GDPR is becoming the gold standard to protect the private life of citizens.

The Healthcare and Life Sciences industries have not been waiting for the GDPR to protect the rights of patients, and many measures have been in place for years already with the Code of Nuremberg in 1947 and the Convention of Helsinki in 1964, just to name a few. Our industry is probably the most advanced in that matter.

Does this mean that all principles of the GDPR are already included in the regulations and guidelines in our sector? No, there are new aspects that every clinical data manager needs to know in order to guarantee that the data management process is compliant, for example:
  • Is it ok to keep past clinical studies in the live data base of our eCRF forever?
  • Is it ok to reuse past clinical data for a registry for example?
  • Can we run a meta-analysis across our data warehouse on a given indication for example?
  • What are the requirements for doing such processes?
  • When and how do we need to re-inform patients before starting the process?
  • When do we need to get their consent again?
  • Which new things do we need to check when auditing a sub-contractor?
You will get answers to these questions during the presentation and the Q&A interactive discussion.


  • Participants will learn the key points where GCP and EU's GDPR don't mandate the same things.
  • Participants will learn the difference of definition of what is personal data in the EU and elsewhere, and why encoded patient data is considered as personal data in the EU.
  • Participants will learn what to pay attention for before putting in place the data collection and processing for future clinical studies in Europe, in order to implement data privacy by design and by default.
  • Participants will learn what is possible to do with personal data of EU patients in terms of reusing clinical data, of storing it in live eCRF data base, and for data transfers outside of the EU. Participants will also learn why clinical data managers have an important role. 


This webinar targets all levels.


Participants will learn what to pay attention for when designing a CRF and other personal data processing for a clinical study recruiting patients in Europe. Participants will also learn why clinical data managers have an important role to play, and can have their job responsibilities to include compliance with data privacy.


Bertrand Le Bourgeois, Data Protection Specialist Life Sciences EU GDPR DPO RGPD GCP - President PharMarketing and AMMIS, We provide Data Protection Representatives in the UK and EU.

Bertrand Le Bourgeois graduated as an engineer from Ecole Centrale in France, with a marketing specialisation from HEC Business School. He has spent his career in Management and IT Consulting, in the healthcare and life science industries at major service providers for Clinical Research and Data Management, and as CIO for a key manufacturer. Now Bertrand runs PharMarketing GDPR Life Sciences, a consulting firm which helps life sciences companies to become compliant with Data Privacy Regulation in Europe (GDPR) ,in the US and abroad, with Good Data Management and Good Clinical Practices (GCP) and with IT Good Practices (GAMP, ISO 27001). PharMarketing also provides Legal Representation in the EU and UK for Data Privacy and other EU schemes, performs CSV and audits. Bertrand is Vice-Chair of the Association for Clinical Data Management and is President of the French Association of Medical Professionals for Healthcare Products Industry (AMMIS).


Group Registration Policy: Any group registration allows up to 10 people to attend the webinar and to complete the webinar assessment. Credits will be granted on an individual basis upon successful completion of the assessment by the registered participants.

Refund Policy: Participants will receive a full refund if notice is provided in writing via post or email one week prior to the webinar date. If cancellation occurs within the week prior the webinar, participants will be allowed to apply 50% of the webinar fee to the next offering of the same webinar. No refunds will be offered after that time.

Need Support?
Technical support:
Click on the help button on the bottom right, select contact support and email the BlueSky team with any technical issues.
Otherwise e-mail directly to or call +1-888-705-6002 for immediate help.
General support:
The SCDM Learning team is here to help. Contact us at or call +32 232 024 87