GDPR: What it Means for CROs in the EU and Beyond

GDPR: What it Means for CROs in the EU and Beyond

As of the 25th of May 2018, the European Directive 95/46/EC on “the protection of individuals with regard to the processing of personal data and on the free movement of such data” has been replaced by the new General Data Protection Regulation (GDPR).

A Regulation is a binding legislative act, which must be applied in its entirety across the EU. Furthermore, it applies to all organizations that handle data of individuals across the EU. The aim of the GDPR is to standardize and strengthen the protection of personal data across the EU, and to protect data from other countries which are being “processed” within the EU.

Under the new regulations, all company processes for processing personal data of individuals residing in the European Union must comply, regardless of the company’s other global locations. For EastHORN Clinical Services, personal data protection and privacy is critical to our business and a top priority for our organization. Ensuring confidential data processing and respecting privacy is core to our customer promise.

As a global contract research organization, we collect, store and process health data and bio-medical samples relating to study subjects on behalf of our clients. EastHORN Clinical Services is a data processer from a client perspective but also a controller of data in terms of personnel, sales, and sub-contractors. As a consequence, we have implemented the necessary changes to our systems, processes and policies needed to comply with GDPR requirements. As a clinical trial provider, we have to identify and analyse the data that are being processed, where it is transferred to, who processes the data, what it is used for, and any risks and processes. EastHORN guarantees that all our employees are trained in the new regulations. We have selected trusted partners to ensure that clinical trials are executed to the latest regulatory standards and at the highest quality.

Under the Regulation, individuals have the right in law to complain about how their information is handled to a supervisory authority that is responsible for regulating compliance with the Regulation. A list of all EU supervisory authorities is available on the European Commission website:

If you would like to find out more about EastHORN and GDPR compliance, please contact us at:

Iain Gordon
Chief Business Officer