What the GDPR means for US Sponsors of Clinical Trials in the EU and in the UK

Why you most likely have to appoint an EU and/or UK data protection representative in order to avoid sanctions under the GDPR

Does the GDPR apply to your clinical trials in the EU and/or in the UK?

  • Are you a US-based sponsor with no establishment in the EU and/or the UK? 
  • Do you conduct clinical trials in the EU and/or in the UK?

If you answered yes to both of these questions, then you most likely fall under the scope of the GDPR and have to appoint an EU-based and/or a UK-based representative for GDPR purposes.

Download our White Paper on The GDPR and US Sponsors of Clinical Trials in the EU & the UK

How can EDPO help you?

As your GDPR data protection Representative, EDPO will provide you with the following services (which are all included in our annual fees):

  • The handling of an unlimited number of requests from individuals (data subjects) and from data protection authorities in the EU and/or the UK
  • Assistance with the handling of an unlimited number of data breach notifications to the data protection authorities in the EU and/or the UK
  • The storage of a copy of your record of processing activities on a platform that has the highest security levels in Europe (ISO 27001)
  • Translation of requests and replies (from the initial language into English, and from English back to the initial language)
  • The right to use EDPO’s contact details and logo on your website and on other company material
  • The granting of the EDPO Compliance Certificate
  • Alerts regarding relevant GDPR-related news and developments

Get your Compliance Certificate

  • Lets customers know that your company is accountable and that your compliance with Article 27 of the GDPR is verifiable
  • Creates trust and provides security
  • Informs your business partners that your company complies with the EU’s data protection standards and allows for greater business opportunities
  • Provides your company with a competitive advantage
  • Reduces the risk of heavy sanctions, which can reach up to EUR 20 million or 4% of global turnover, whichever is higher
  • Guarantees authenticity by use of the Smart Certificate™ technology

EDPO helps your US business grow while protecting EU and UK customers