What is GDPR?

The European Union (“EU”) General Data Protection Regulation (GDPR) is European privacy legislation that replaces the 1995 EU Data Protection Directive. The GDPR enhances the privacy right of EU residents by creating uniform data protection rules.

When does GDPR take effect?

The GDPR took effect on May 25, 2018, and affects any company, organization, or government agency that collects or processes the personal data of residents of the EU.

What’s new under GDPR?

GDPR builds upon existing EU privacy and data protection law, but also includes several new requirements. The following are just some of the new requirements under GDPR:

  • Increased territorial scope
  • Individual rights for data subjects
  • Data breach notification
  • Privacy by design
  • Strict penalties for non-compliance

Who does the GDPR apply to?

The GDPR applies to all organizations operating within the EU, or organizations outside the EU that offer goods and services to EU residents. This applies to the collection and processing of personal data, which includes any information relating to an identified or identifiable individual.

The GDPR, however, does not apply to certain activities covered under law enforcement, national security, and processing carried out by individuals purely for personal or household activities.

Additionally, there are still exceptions for data collection and use of personal data for medical research without consent if it is considered in the best interest of the public. Currently, there has not been any directive released if patients previously enrolled in clinical trials must be re-consented if the original informed consent form does not meet all GDPR standards.

What information does the GDPR apply to?

The GDPR applies to the processing of Personal Data and Sensitive Personal Data. Personal Data is defined by the GDPR as any information relating to an identifiable person, identified directly or indirectly. This includes personal data such as: name, identification number, location data, or online identifier.

Sensitive Data under the GDPR is a special category of Personal Data and includes religious affiliation, medical and genetic data, and biometric data when processed to uniquely identify an individual.

How has Clinipace prepared for GDPR?

Clinipace takes data protection very seriously and has formed an internal privacy advisory group with representatives from key stake-holding functional teams within the organization, dedicated to ensuring data privacy compliance both now and in the future.  Since its inception in 2017, this group has met regularly to review our systems, processes, and policies and identify any changes that may be needed to comply with GDPR’s requirements.  We have also made various trainings and information available to our internal team members across the globe regarding the changes with GDPR taking effect. Clinipace’s strong focus on data security and system security to date serves as a strong foundation for our compliance with GDPR and related privacy guidance going forward. We are also working closely with internal and external subject matter experts in multiple jurisdictions to stay apprised of the latest developments, and to monitor EU member states rulings and interpretations of the relevant guidance as it becomes available.  In addition to these efforts to date, Clinipace has an ongoing commitment to data privacy protections, compliance and security, and will continue to implement measures as appropriate in the future. 

Where do we stand?

Clinipace is committed to complying with all applicable GDPR rules and regulations. We are working diligently to ensure our policies, procedures, internal operations, and third-party relationships adequately address the GDPR data protection principles. Clinipace is also committed to working with our website visitors, clients, and business partners to identify opportunities to assist them in identifying, meeting, and managing their GDPR compliance obligations as well.

Please visit for our Privacy Statement, and additional information regarding data privacy and GDPR made available through

If you have any questions, please contact, and we will endeavor to respond as needed to such requests in a timely manner.