Strategic GDPR Compliance for Life Sciences Organisations
1-Day Training on Thursday 7th of May 2026
Why you should attend this training
This training translates legal requirements into clear, operational steps that can be applied immediately within your organisation. The goal is to ensure that everyone handling personal data understands their responsibilities and accountability.
During the session you will learn how to:
  • apply GDPR principles in daily operational practice;
  • select and document the appropriate lawful bases for data processing;
  • manage data subject rights, including access, rectification and erasure;
  • identify, assess and mitigate privacy risks when handling sensitive data across sponsors, CROs, laboratories and technology vendors;
  • strengthen GDPR awareness and responsibilities across departments such as clinical operations, regulatory, legal and HR.
Some of our clients
We have extensive GDPR experience in the life sciences sector.
Training program overview
9:00 - 9:30 Walk-in and coffee
9:30 - 11:00 GDPR in a nutshell
  • Application of core GDPR principles including data minimization, purpose limitation, and storage limitation;
  • Selection and application of the appropriate legal basis for data processing, including consent (ICF), legitimate interest, and legal obligations;
  • Interplay between GDPR and other regulations e.g. Good Clinical Practice (‘GCP’), Clinical Trials Regulation (‘CTR’), Medical Device Regulation (‘MDR’), Health Insurance Portability and Accountability Act (‘HIPAA’), and the EU Artificial Intelligence Act (‘EU AI Act’).
11:00 - 11:15 Break
11:15 - 12:45 Privacy Risk Management
  • Identification and management of data breaches including high risk and low risk incidents under GDPR, and serious breaches under GCP;
  • Implementation of privacy risk management measures, including Data Protection Impact Assessments (‘DPIAs’), technical and organisational (security) measures, and Standard Operating Procedures (‘SOPs’);
  • Establishment of effective privacy governance structures within your organisation, defining roles, responsibilities, and accountability for data protection compliance.
12:45 - 13:30 Lunch
13:30 - 15:00 Contracting Essentials
  • Integration of data protection obligations into contractual arrangements between Sponsor, CRO, sites and laboratories, e.g. Clinical Trial Agreements (‘CTAs’), Data Processing Agreements (‘DPAs’), Joint-controller Agreements (‘JCAs’), and Material Transfer Agreements (‘MTAs’);
  • Identification of appropriate contractual transfer mechanisms for international data transfers from the EU to non-EU entities;
  • Conduct of privacy-focused due diligence for third-party and vendor contracts to ensure data privacy obligations are met.
15:00 - 15:15 Break
15:15 - 16:45 Staff and Study Subject Management
  • GDPR-compliant processes for study subject recruitment and the processing of employee data by HR and Finance;
  • Dealing with requests for data access, rectification and erasure of study data;
  • Practical and statutory requirements of privacy notices for study participants, staff and website visitors, including requirements for ICFs.
16:45 - 17:00 Closing Remarks
17:00 - 18:00 Networking and Drinks
Secure your spot today
The participation fee is €800 excluding VAT.
To maintain an interactive and high quality setting, the group is limited to 12 participants.
Meet your trainer
Meet the expert who will lead the training.
Johan Martens
Privacy & Data Protection Consultant
Johan Martens is a certified GDPR expert (CIPP/E, CIPM) and Partner at DPO Consultancy, with over five years of experience in data protection and privacy governance. He supports both Dutch and international organisations in navigating complex privacy regulations and embedding GDPR compliance into their operational processes. In his role as Data Protection Officer and privacy consultant, Johan works closely with organisations across multiple sectors, with a strong specialisation in life sciences. Through his work with DPO Consultancy and the Nederlandse Privacy Academie, he combines advisory expertise with practical training to ensure that GDPR principles are translated into effective, day-to-day compliance.
Training venue
DPO Consultancy Office
We’re hosting the training at the DPO Consultancy office in ’s-Hertogenbosch, a central and welcoming setting where you can combine a focused session with the relaxed atmosphere and character of the city.
DPO Consultancy Europalaan 28b 5232 BC 's-Hertogenbosch
Registration form
Payment & Cancellation Terms
Payment: The fee for the training is €800. Participants will receive an invoice via email. Payment must be settled within 14 days of the invoice date.
Cancellation: Written cancellations must be submitted 30 days before the training start date to qualify for a full refund. Cancellations made 14 days before the training start date are eligible for a 50% refund. Cancellations within 7 days of the training start date will not receive a refund. This policy accounts for the high customization of our training based on attendee count and space constraints.