10 th  December 2025 We were approached by a “virtual” pharma, who had just completed a small first-in-human study in the US for a rare disease.  The outcome was positive so the company was interested in doing a phase 2a open label study in the US and the EU, with the aim of extending to a phase2b/3 type design if successful. This company had no prior experience of working in the European Union. They engaged a small US based CRO who were helpful in the phase 1 study, but who

15 th  November 2025 Summary The position of Data Protection Officer (DPO) presents a large number of conflicts. The following roles are excluded for an internal DPO: board member, chief executive officer, chief operating officer, chief financial, chief medical officer, head of marketing department, head of Human Resources or head of IT departments and legal counsel (in relation to data protection disputes in court). External DPOs should be independent and may not be processo

15 th  November 2025 ©Regintel Ltd

20th August 2025 Initial Report In 2024, a client was contacted by a major French CRO who had been supporting a clinical trial with a potential data breach notification. The study was a phase 2b, covering several EU member states; the study enrolled 170 patients. The notification was made after the study ended but before completion of the Clinical Study Report. The sponsor/controller was an SME based in the US and we were acting as Data Protection Representative and providing

A sponsor was running a phase 3 pivotal study for a relapsed leukaemia therapy in multiple European countries where a novel biological combination therapy was assessed against standard of care. The study produced several Suspected Unexpected Serious Adverse Reactions (SUSARs). The study also involved several different specialised laboratories, some in the EU, some in the USA. In several instances local hospital laboratories were used for general bold chemistry testing. Becaus

The GDPR came into force on the 25th of May 2018. RegIntel’s main focus at that tiem was Legal Representative services supporting clinical trials on behalf of non-EU sponsors, mainly from the USA.  After some analysis we decided to offer GDPR services in addition to Legal Representative services to our clients. Initially we offered advice, but also Data Protection Representative Services and an outsourced DPO service. Compiling required documentation, Data Protection Impact A