Skip to main content

First European Code of Conduct for the pharma industry approved

|

A Code of Conduct regulating the processing of personal data in the field of clinical trials and other clinical research and pharmacovigilance has been approved. The code of conduct, promoted by Farmaindustria in Spain, regulates how the promoters of clinical studies with medicines and the CROs that decide to adhere thereto must apply the data protection regulations. Data controllers and data processors that adhere to the code of conduct are obliged to comply with its provisions.

This Code of Conduct becomes the first sectoral code of conduct approved since the entry into force of the General Data Protection Regulation (GDPR). Its scope of application is Spain; however it aspires to be a benchmark at European level as it is the first code in this field that has been approved in Europe.

This new Farmaindustria code ‒which replaces and adapts the previous one from 2009 ‒ represents a step forward in the protection of the data of those who participate in the activities it regulates, and will serve to strengthen clinical research and pharmacovigilance. Farmaindustria is the National Business Association of the Pharmaceutical Industry that brings together most of the innovative pharmaceutical companies established in Spain.

RGPD establishes that the associations or representative bodies of categories of controllers or processors can develop codes of conduct to facilitate its effective application. These codes constitute an element of self-regulation that responds to the specific needs of the sector of activity that they regulate, provide guarantees for the rights and freedoms of individuals, and represent an added value to the applicable regulations. Codes of conduct must be approved by the supervisory authority.

The scope of application of the code is the processing activities within the framework of clinical research in general, and clinical trials in particular, as well as those activities linked to compliance of obligations set by regulations on pharmacovigilance for the detection and prevention of adverse effects of drugs already marketed. In the case of clinical trials, it establishes protocols that facilitate the application of RGPD and offers security to the entities that adhere to it. They regulate, among other issues: the application of the principles of data protection, impact assessment, data coding, the responsibility of the different participants in a trial, the legal basis of processing, the regime of international transfers of data, the obligations derived from security breaches and the exercise of rights.

In terms of pharmacovigilance, the code distinguishes the processing of personal identifiable data and that of coded data and establishes protocols for collecting information on possible adverse reactions depending on who makes the notification and the different notification channels, including social media. Likewise, the code establishes a mediation procedure, voluntary and free of charge, which allows for an agile response to claims raised by data subjects.

The RGPD establishes that all codes of conduct must designate a supervisory body that acts with independence from both the promoter of the code and the adhered entities, and which must be accredited by the supervisory authority. The Spanish DPA (AEPD) has accredited the governing body of the code of conduct as the body in charge of the supervision of the code.

 

Article provided by INPLP member: Belén Arribas  (Belén Arribas, Abogada, Spain)

 

 

Discover more about the INPLP and the INPLP-Members

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

VIEW STREAM

About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.

{$page.footerData}