Interview with GDPR and Data Protection Consultant Jo Brianti

February 16, 2022
By Edward Marriott

Jo Brianti is the founder and director of JLB Business Consulting, providing GDPR services and consultations to a range of businesses. We’re excited to announce their partnership with CGX, where they’ll be delivering monthly webinars to everyone working within the Clinical Trials profession who wants to (or needs to) learn more about GDPR.

GDPR compliance is crucial for the Clinical Trials industry. It refers to the General Data Protection Regulation, a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU) and the UK. Everyone responsible for using personal data has to follow strict rules called 'data protection principles'. They must make sure the information is used fairly, lawfully and transparently.

Poor GDPR practice can mean the difference between securing a contract and losing one, or between enhancing your reputation and diminishing it. Nevertheless, some companies and their Clinical Trials Professionals still don’t have optimal procedures in place for data collection and protection. Jo and CGX are here to demystify GDPR, whilst offering practical solutions and information with their private and public webinars, consultations, and training sessions.

How did you get involved in GDPR consulting and training?

My background is in IT Project and Programme Management. I’ve worked in a range of organisations as diverse as Jaguar Cars, Transport for London, TUI Travel and I did a transformation project with the Medical Research Council. This involved a lot of long hours, time away from home and complications with childcare, so eventually I decided to set up my own business.

Around 2017 I started reading about GDPR and looking at what I needed to do for my business. I started answering questions for colleagues and just built up a reputation as someone who understood it and could explain it to peers.

Over the first lockdown I trained and became an accredited Data Protection Officer. In February I’m doing further training with the International Association of Privacy Professionals (IAPP) who offer internationally recognised data and GDPR legal qualifications. That combined with my DPO training and the requirement for ongoing CPD training has brought me here.

I want to change the fear that GDPR is a headache or an overhead. It’s pivotal we all comply, so we can either make it difficult or streamlined. I give business owners the confidence with their GDPR policies and processes, breaking it down in a way that makes it manageable, understandable, and effective.

How did you get involved with CGX?

Lia and I were exploring developing some GDPR-related online training materials, but found they had the potential to be quite generic; something pre-recorded and stand-alone wouldn’t answer enough questions. Instead, we’ve decided to set up monthly 60 to 90 minute webinars, starting in March, for companies and CTPs within the Clinical Trials industry.

The plan is, we will offer a generic awareness webinar every month covering the basics of GDPR which is open for any organisation and their members of staff. However, we also recognise that if you send an intern or a couple of employees to attend, because of sensitivities around your business, you may not want to have open discussions with someone from a rival firm. So alongside that, we’re offering dedicated company training sessions.

These will involve tailored sessions where we can talk about the specifics of GDPR and how it relates to your business. We’re happy to sign NDAs and provide recordings of meetings. These sessions will allow you to have frank discussions about GDPR and your company. We can also tailor it to certain members of staff; for example, we can do a session on GDPR processes for managers or GDPR awareness training for interns.

Why is GDPR important, especially for the Clinical Trials industry?

A lot of people see GDPR as a really difficult thing to implement and monitor. However, it’s essential that all of us, no matter our industry, are complying. There’s a clause in GDPR that talks about it being by design and by default. That means you should be working in a certain way that doesn’t turn GDPR into another task, it’s an integral part of your business operations. It’s a living, breathing, evolving piece of legislation that brings a great deal of responsibility.

CTPs and their companies need to be rock solid on this legislation, as they’re working with incredibly personal sensitive data. I understand it can be difficult and often lead to a kind of analysis-paralysis. You can get yourself tied up in knots, get scared and end up doing nothing.

However, for Clinical Trials companies, there’s a real risk of reputational damage if you don’t comply. If you are sanctioned and fined, and if you’re a big enough company, it could end up on the news and published on the ICO website. That’s there forever. If people are deciding whether to award you a research contract and they discover you haven’t looked after patients’ data, that could really compromise your chances of winning that contract or securing candidates for your clinical research. Trust is crucial.

Beyond that, you need to think about several other fundamentals: what are the processes for limiting the damage a member of staff could do to data if they were to act maliciously? How are you protecting people from not sharing data? What are your processes and policies for how data is shared? What is your data retention period? How are you using removable hardware? How are you protecting personal data and trade secrets? Are you using the best software and tech specifications for your company?

These fundamental questions are quite easy to answer and implement, but they assure your company and your research candidates’ data is protected, which in turn improves your company’s credibility.

Alongside the GDPR training, there are accreditations that will help organisations demonstrate their compliance, Cyber Essentials, IASB governance and their business processes, all of which can help with bids and tenders. We can discuss these in the webinars too.

CGX are committed to training CTPs to the very highest standards, and GDPR awareness has to be a part of a CTP’s skillset. When you’re working on an international project, for example, you must be aware of how data is being shared around the world, where it’s being stored, as well as certain countries’ own legislation; the model for data protection in the EU is different to North America for example.

You could miss or neglect clauses and parts of GDPR legislation, but this can have a big impact on the efficacy of trials.

I’m really looking forward to working with CGX to deliver these webinars and I hope they can alleviate some of the pressures and anxieties Clinical Trials companies may have. I’m here to make GDPR easier, and dare I say, even fun!
