EU AUTHORISED DATA PROTECTION REPRESENTATIVE PROGRAMME (EUDPRP)
A company supplying products and services to customers in the European Union that does not have an office or is not established in any EU Member State or in the United Kingdom, probably requires an EU authorised data protection representative. QFI can serve as an EU Authorised Data Protection Representative according to Recital 80 Regulation (EU) 2016/679 and Data Protection Act 2018 (Pure and Applied GDPR) supporting medical device manufacturers who collect, process and archive personal data on European data subjects pursuant to Regulation (EU)2016/679. Such personal data necessary in fundamental scientific research, risk assessment, clinical investigation and other health-related purposes, are subject to the Regulation. While manufacturers are generally familiar with the requirements and recommendations concerning informed consent and other ethical committee expectations, comprehensive understanding of regulations on special categories of personal data, probabilities, requisite controls and available penalties for violation, are less known.
Our EUDPRP provides the following:
- EU data protection representation services to organisations outside the EEA
- Official address as GDPR representative through our offices in the EU and UK
- Point of contact for personal data protection pursuant to the regulation
- Communication and act of on behalf with European and UK data protection supervisory authorities
- Notify and assist in resolving investigations on breach of personal data
- Where agreed, retain data protection processing activity records according to Article 5 (1) (e) Regulation (EU) 2016/679
- Conduct preliminary and renewal data protection system conformity assessment to identify areas our client members might need to improve
- evaluate documented processes and procedures, conduct Data protection impact assessments.
- Devise and implement documented systems, processes and procedures in client member management systems to integrate Regulation (EU) 2016/679, Data protection Act 2018 and Regulation (EU) 536/2014 also where requested, US Privacy Shield elements.
- Conduct data protection risk assessment, formulate safety and reliability engineering analysis and cover NHS digital standards requirements.
At QFI, we:
- Check if your organisation records of processing activities comply
- Examine data protection technical documentation required by Regulation (EU) 2016/679 and Data protection Act 2018 is complete
- Check procedures to fulfil data transfer requests and attend to breaches of personal data to ensure that they are compliant and efficient