We strongly believe that a high degree of awareness of the regulatory and legal aspects that punctually govern each area of the Life Sciences sector is a necessary prerequisite for the effectiveness of any project. PRINEOS meets this need by providing the client with sound legal and privacy advice, assisting clients in defining and implementing the best regulatory strategy and in managing a wide range of legal issues to efficiently achieve their goals.
Our team is made up of experts with specific competence and strong expertise, particularly concerning the legislative framework, privacy and compliance, regulations for clinical trials on medicinal products, and regulations in clinical trials on medical devices, both in Italy and in Europe.
PRINEOS supports the client in managing a given project, also from a legal point of view, by assisting with evaluating and correctly applying all the requirements of current legislation.
As medicine and technology evolve, so do the regulatory requirements on personal data protection, which are expanding in time.
It is essential to be aware of the rules applicable to the research sector, and to find the right balance between scientific progress and protection of the rights of the subjects involved.
It is incumbent on clinical trial sponsors (as data controllers) to demonstrate their compliance with applicable regulatory requirements in the area of Privacy, including those contained in the General Data Protection Regulation 2016/679 (GDPR), which was directly applicable in all European Union (EU) member states from 25 May 2018.
This burden implies compliance with what the GDPR defines as fundamental principles, including:
GDPR Chapter III - articles 12-23
Drawing up customised consent templates for patients (electronic forms for primary and secondary use for future studies) and guidance about patient requests and consent management tools (access and/or data correction, withdrawal of consent, etc.).
GDPR Chapter II - articles 6-11
Assessment and optimisation of dataset collection, processing and storage methods (guidance on pseudo-anonymisation techniques, definition and/or assessment of legal grounds and storage period, contractual framework of relations with data processors, data controllers and other third parties involved in data processing activities).
GDPR Chapter VI - articles 25-39
Implementation and/or evaluation of all applicable technical and organisational measures to ensure adequate data protection in cooperation with experts in the field (risk analysis (the so-called DPIA), record-keeping, implementation of ‘Privacy by Design’, appointment of the DPO, management and mitigation of personal data breaches).
The obligations arising from the GDPR are also applicable when a non-EU controller processes and/or transfers personal data relating to European patients. This also implies a specific obligation to designate a representative based in the EU area.
PRINEOS accompanies companies in adapting to constantly evolving regulations by proposing innovative and comprehensive solutions and by taking into account the state of the art and the client’s needs.
- Clinical Trial Agreement and Clinical Investigation Agreement
- Terms & Conditions
- License Agreement
- NDA
- Services Agreement
- Framework contracts
- Letters of intent
- Powers of Attorney
- Data Flow mapping exercise
- Identification of legal bases
- Definition of roles and responsibilities
- Compliance management for data processors and sub-processors
- Privacy impact assessment and implementation/monitoring of technical and organisational security measures
- Management of data breaches and data subject requests
- Support in the application of Privacy by Design and Privacy by Default principles and in the management of accountability documentation
about our services! Contact us