What the GDPR means for US Sponsors of Clinical Trials in the EU and in the UK

Why you most likely have to appoint an EU and/or UK data protection representative in order to avoid sanctions under the GDPR

Does the GDPR apply to your clinical trials in the EU and/or in the UK?

  • Are you a US-based sponsor with no establishment in the EU and/or the UK? 
  • Do you conduct clinical trials in the EU and/or in the UK?

If you answered yes to both of these questions, then you most likely fall under the scope of the GDPR and have to appoint an EU-based and/or a UK-based representative for GDPR purposes.

GDPR and UK GDPR Representative Liability: Why the Rules Differ Between the EU and the UK

For organisations based outside Europe, appointing an EU or UK representative under Article 27 GDPR or UK GDPR is often treated as a straightforward compliance step. In practice, however, the legal exposure of a...

GDPR Subject Rights: What are they, and what do they mean for companies outside of the EU

If you are a non-EU company that offers goods or services to people in the EU, or monitors their behaviour, you can be in scope of the GDPR even without a European office. That means GDPR requests (often called...

Monaco Personal Data Protection Law: What It Means For Companies Outside Monaco 

Even if you have no office in Monaco, the Monaco Data Protection Law can still apply if your processing is linked to offering goods/services to people in Monaco or monitoring their behaviour. Monaco adopted a...

IAPP UK Intensive 2026 in London

Over two days at the IAPP UK Intensive 2026 in London, discussions across AI, cybersecurity and, of course, data protection made one thing clear: governance maturity is a strategic differentiator. Here are some of...

GDPR + AI Act + DSA: What It Means For Non-EU Companies

With the EU AI Act switching on in phases (and enforcement accelerating), many non-EU teams discover a familiar problem: one product can trigger three EU regulatory frameworks at once — and the “forgotten obligation” is often the local representative...

The Data Protection Representative in the EU, UK, and Switzerland: Common Ground and Key Differences

Even when your product, team, and servers sit outside Europe, a data protection representative can be the “forgotten obligation” for companies doing business in the EU, UK, or Switzerland without a local presence. It is a key obligation that helps...

What Is A RoPA? Record Of Processing Activities Under Article 30 GDPR (Including Non-EU Companies)

Article 30 GDPR explained for EU and non-EU organisations. A record of processing activities (often shortened to RoPA) is not a “nice to have”. It is a core GDPR accountability requirement under Article 30 GDPR....

Data Protection Day

EDPO attended the Data Protection Day organised by the EDPS and the Council of Europe. Here are the key takeaways that stood out for us. The 2026 edition, themed “Reset or refine?”, explored how Europe can...

Digital Clearinghouse 2.0

EDPO attended the EDPS Digital Clearinghouse 2.0 Conference in Brussels. Here are the key takeaways that stood out for us. The EU’s Digital Rulebook continues to expand rapidly with the DSA, DMA, Data Act, AI...

ISO 27001 added value

ISO 27001: Security You Can Rely On. At EDPO, we provide representative services under Article 27 of the GDPR and other digital regulations. To support this role, and to ensure the highest standards of security...

Download our White Paper on The GDPR and US Sponsors of Clinical Trials in the EU & the UK

How can EDPO help you?

As your GDPR data protection Representative, EDPO will provide you with the following services (which are all included in our annual fees):

  • The handling of an unlimited number of requests from individuals (data subjects) and from data protection authorities in the EU and/or the UK
  • Assistance with the handling of an unlimited number of data breach notifications to the data protection authorities in the EU and/or the UK
  • The storage of a copy of your Record of processing activities on a platform that has the highest security levels in Europe (ISO 27001)
  • Translation of requests and replies (from the initial language into English, and from English back to the initial language)
  • The right to use EDPO’s contact details and logo on your website and on other company material
  • The granting of the EDPO Compliance Certificate
  • Alerts regarding relevant GDPR-related news and developments

Get your Compliance Certificate

  • Lets customers know that your company is accountable and that your compliance with Article 27 of the GDPR is verifiable
  • Creates trust and provides security
  • Informs your business partners that your company complies with the EU’s data protection standards and allows for greater business opportunities
  • Provides your company with a competitive advantage
  • Reduces the risk of heavy sanctions that can reach up to EUR 20 million or 4% of global turnover, whichever is higher
  • Guarantees authenticity by use of the Smart Certificate™ technology

EDPO helps your US business grow while protecting EU and UK customers