PrivIntelligent provided ongoing support to a multinational Pharmaceutical Company regarding the overall privacy compliance preparation for a Joint Venture with another Pharma Company

13 Dec 2023

Angela Livgieri and team, provided ongoing full time support to ensure privacy compliance of a Joint Venture (JV) between two pharmaceutical companies.

Our team provided ongoing support regarding the following indicative data privacy compliance pillars:

  • Assessment of privacy implications per data set per department (incl. Compliance; HR; Finance; PV; Medical; Marketing; Digital; IT; Commercial etc.) and ongoing compliance advice for the migration of critical systems/functions
  • Proposed solutions on the best and compliant methods of data transmission to the JV along with appropriate cross – organizational access rights to existing databases with global exposure
  • Draft/review/negotiation of various data protection agreements and clauses as templates for the JV; as new agreements with new vendors and ongoing support for renewal of data protection elements for major contracts
  • Advice on best practices regarding marketing practices and informed (re) consent strategy (double opt-in; opt-in; opt-out) for core EU countries + the UK
  • Draft/review/negotiation of the data processing agreement between the two pharma companies
  • Draft/review of a series of privacy related policies; procedures; rules; privacy notices; consent forms in 8 languages
  • Draft of Record of Processing Activities
  • Handling and advice of Data Subjects rights and security breach incidents
  • Draft of Data Protection Impact Assessments
  • Updates to Intragroup Agreement
  • Draft and presentation of trainings
  • Appointment of DPO – agreement and identification of notification requirements
  • Completion of registration and DPO notification to the UK Data Protection Authority (ICO)
  • Draft/update of Privacy & Cookies Notices for all the product specific websites and all online tools/software to be used
  • Kick off – full program presentation to the JV DPO.

In doing so, our team participated in a series of meetings with the management; the project owners; the DPOs of the pharma companies; the new DPO of the JV; the key stakeholders from both the companies and the various partners and vendors involved in this project to be on top of priorities and implementation progress and to find the best and more business friendly solutions from privacy standpoint.

Successful completion of the identified steps and risks on time by the project team resulted in the readiness of the JV the agreed first day of its operation.