Client Needs
The European biotechnology and pharmaceutical sectors are growing rapidly. A pioneering biotechnology company based in the Netherlands has ambitious growth plans and needed to strengthen its research partnerships and supply chains in the United Kingdom. The Dutch company does not have an established presence in the UK and so it needed to appoint a UK Data Protection Representative, based in the UK, to represent and protect its interests. The UK’s post-Brexit changes to data protection meant that an organisation with deep expertise, knowledge of the UK regulator and the ability to support them with data breaches and other added services was required. PrivacySolved was selected primarily for its level of expertise, ability to provide additional services and the elasticity to expand its services, as needed.
PrivacySolved Services and Solutions
PrivacySolved’s UK Data Protection Representative Service (UK DPRS) was set up quickly with targeted front-loaded actions to maximise the levels of the client’s data protection compliance on the start date. Policies and Procedures covering UK-affected personal data were updated including public-facing General Data Protection Regulation (GDPR) data use notices. The data protection notices were updated to ensure that the UK GDPR regulator and UK-based individuals can easily contact the Representative, twenty-four hours a day. A new UK-focussed Records of Processing Activities (ROPA) was created from the client’s international data flow information to fully set out the personal data and data flows that fall within the UK’s regulatory remit. Uniquely, PrivacySolved provided the client with a Risks and Compliance Report that clearly set out the client’s current position, the risk profile and the important things to monitor and review in the future.
Results
PrivacySolved’s Data Protection Representative Service helped the client to:
- Reduce and manage the UK’s evolving data protection risks with reliable local expertise
- Add depth and reach to the existing data protection and security teams in the Netherlands
- Save costs by agreeing a subscription-plus-added-services model to create resilience
- Strengthen the data breach response capacity to solve supply chain cyber attacks