In Europe there is a relationship between the EU’s General Data Protection Regulation (GDPR) and the Clinical Trials Directive. In European law a regulation is law in every state, although maybe varied locally, whereas a Directive must be implemented through individual state law. This approach results in a greater variance between laws implementing a Directive and those that implement a Regulation.

The European Data Protection Board, which oversees the GDPR, has issued an opinion that most states (other than the UK) have incorrectly implemented the Clinical Trials Directive and its relationship with GDPR. This has created considerable uncertainty and Kaleidoscope has developed approaches to meet both GDPR requirements and locally implement Clinical Trials Directive legislation.

For example, in Greek law, clinical trials must use a Government imposed contract without variation, which does not comply with GDPR contract terms where contracting between a Controller and a Processor. And in Hungary the clinical trials legislation requires publication of the name and contact details of the Data Protection Officer, which are specifically not required to be published by GDPR.

Kaleidoscope has experience supporting Clinical Research Organisations (CRO) and sponsors to navigate the complex legislative landscape.