DPO as a Service for Health and Life Sciences

SKU: 5927
Publishers: GRCI Law
Format: Consultancy
Availability: Available now
  • A flexible and affordable data privacy solution to support you with your compliance needs
  • Developed specifically for organizations in the life sciences and health care sectors
  • Includes relevant contract and legal advice, including on contractual arrangements with CROs (clinical research organizations)
  • A complete solution to your data privacy responsibilities, covering the EU GDPR (General Data Protection Regulation), UK GDPR, DPA (Data Protection Act) 2018, and HIPAA (Health Insurance Portability and Accountability Act 1996), as appropriate
  • A dedicated, independent DPO (data protection officer) service with unlimited telephone and email advice
  • Contact point for your supervisory authority on all data protection matters
  • This is an annual subscription service

This service is provided by IT Governance USA’s sister company GRCI Law Limited, a specialist in data privacy, cybersecurity, and legal and compliance advisory services.


With a wealth of experience working with life sciences and health care providers, GRCI Law understands your specialist data privacy needs.

This all-encompassing service fulfills your DPO responsibilities wherever you are based, and ensures compliance with the EU GDPR, UK GDPR, DPA 2018, and HIPAA, as appropriate.

What’s included?

This is a dedicated, independent DPO service that provides advice on:

  • Monitoring your data privacy compliance requirements
  • Reviewing privacy compliance documentation, including drafting new documents
  • Third-party supplier contracts, including master services agreements, CRO agreements, site agreements, and data sharing agreements
  • Consent management
  • Cross-border data transfers
  • The need to conduct DPIAs (data protection impact assessments) – including DPIAs relating to the storage of research and clinical trial data and general DPIAs – and the provision of guidance on the manner of implementation and any required outcomes of the DPIAs
  • Data breach monitoring, management, and the requirement to report or record, including specific data breach reporting requirements relating to CROs and/or mandated by health regulators and supervisory authorities
  • Responding to data privacy rights requests from individuals
  • Staff awareness training
  • Information collection

It also includes:

  • A gap analysis to assess your current state of compliance and a remedial action plan that identifies and prioritizes key issues your organization must address to comply with the EU GDPR, UK GDPR, DPA 2018, and HIPAA, as appropriate
  • Acting as the contact point for data protection authorities for all data protection issues
  • Unlimited telephone and email advice during UK business hours via your dedicated GRCI Law DPO consultant
  • Provision of an EU or UK representative service, if required
  • Overseeing the creation and maintenance of the personal data processing register (the Article 30 record)
  • Regular reporting for senior management
  • A monthly newsletter on important data privacy updates
  • An annual compliance audit (from year two)

Need more information?

For more information about this service or to get a tailored quote, please inquire below and one of our experts will be in touch shortly.

Inquire about this service

Outsourcing your DPO

Why outsource your DPO to GRCI Law?

GRCI Law advises only on data protection, privacy, cybersecurity, and information security, which means its team has knowledge, experience, and visibility of the latest trends, best practice, developments, and challenges.

Over recent years, GRCI Law has accumulated a number of life sciences and health care clients, and gained a wealth of experience in these sectors. Owing to the highly regulated nature of these clients, we know and understand the specialist data privacy needs applicable to these sectors.

GRCI Law is known for its pragmatic, commercial advice. It won’t just identify an issue or advise on the law – it provides you with a practical solution to suit your specific needs.

  • Access to a team of expert DPOs and lawyers
  • Cost savings in recruitment, employment, and retention – finding an experienced DPO with the right skill set and experience can be time-consuming and expensive
  • A service that is flexible according to your organization’s needs, with pricing to match
  • Sector-specific experience

What are the GDPR requirements of the DPO role?

  • Review and provide guidance on privacy policies, procedures, and documentation relating to the processing of personal data – Article 39(1)(a)
  • Oversee the establishment and maintenance of the personal data processing register (the Article 30 record) – Article 39(1)(a)
  • Advise on the necessity for a DPIA, the manner of its implementation, and outcomes – Article 39(1)(c)
  • Provide guidance on data breach monitoring, management, and reporting – Article 39(1)(a)
  • Serve as the contact point for data protection authorities for all data protection issues – Article 39(1)(d) and (e)
  • Provide advice and guidance on responses to privacy rights requests from individuals (information, access, rectification, objection, erasure, data portability) – Article 38(4)
  • Facilitate GDPR awareness training and the training of staff involved in data processing operations
  • Monitor compliance with the GDPR – Article 39(1)(b)

Why GRCI Law?

GRCI Law’s team of qualified DPOs, lawyers, cybersecurity experts, and information security experts have decades of experience between them, and have advised on, created, and delivered effective data protection solutions including:

  • Privacy and information/cybersecurity compliance programs
  • Personal data solutions for high-profile organizations, including:
    • Global multinationals
    • International banks, investment companies and leading law firms
    • Life sciences and health care providers
    • World-leading educational institutions
    • The European Council
    • UK law enforcement

You will be supported by a dedicated DPO with access to the wider GRCI Law team’s knowledge and expertise.

Many of GRCI Law’s clients find that they need more support than just a DPO. Its flexible services can grow with your business and adapt to your needs.

  • Support is available during UK business hours Monday to Friday, 9:00 am – 5:00 pm
  • Suitable for organizations in the life sciences and health care sectors where a DPO is required
  • For organizations with more than 500 employees, please contact us
