DPO as a Service for Health and Life Sciences

  • A flexible and affordable data privacy solution to support you with your compliance needs.
  • Developed specifically for organisations in the life sciences and healthcare sectors.
  • Includes relevant contract and legal advice, including on contractual arrangements with CROs (clinical research organisations).
  • A complete solution to your data privacy responsibilities, covering the EU GDPR (General Data Protection Regulation), UK GDPR, DPA (Data Protection Act) 2018 and HIPAA (Health Insurance Portability and Accountability Act 1996), as appropriate.
  • A dedicated, independent DPO (data protection officer) service with unlimited telephone and email advice.
  • Contact point for your supervisory authority on all data protection matters.
  • This is an annual subscription service.

With a wealth of experience working with life sciences and healthcare providers, we understand your specialist data privacy needs.

This all-encompassing service fulfils your DPO responsibilities wherever you are based in the world, and ensures compliance with the EU GDPR, UK GDPR, DPA 2018 and HIPAA, as appropriate.

What does this service cover?

This is a dedicated, independent DPO service that provides advice on:

  • Monitoring your data privacy compliance requirements;
  • Reviewing privacy compliance documentation, including drafting new documents;
  • Third-party supplier contracts, including master service agreements, CRO agreements, site agreements and data sharing agreements;
  • Consent management;
  • Cross-border data transfers;
  • The need to conduct DPIAs (data protection impact assessments) – including DPIAs relating to the storage of research and clinical trial data, and general DPIAs – and the manner of implementation, as well as any required outcomes of the DPIAs;
  • Data breach monitoring and management, and the requirement to report or record, including specific data breach reporting requirements relating to CROs and/or required by health regulators and supervisory authorities;
  • Responding to data privacy rights requests from individuals;
  • Staff awareness training; and
  • Information collection.

It also includes:

  • A gap analysis to assess your current state of compliance and a remedial action plan that identifies and prioritises key issues your organisation must address to comply with the EU GDPR, UK GDPR, DPA 2018 and HIPAA, as appropriate;
  • Acting as the contact point for data protection authorities for all data protection issues;
  • Unlimited telephone and email advice within UK business hours via your dedicated GRCI Law DPO consultant;
  • Provision of an EU or UK representative service, if required;
  • Overseeing the creation and maintenance of the personal data processing register (the Article 30 record);
  • Regular reporting for senior management;
  • A monthly newsletter on important data privacy updates; and
  • An annual compliance audit (from year two).


  • Support is available during UK business hours Monday to Friday, 9:00 am – 5:00 pm.
  • Suitable for organisations in the life sciences and healthcare sectors where a DPO is required.

Why outsource your DPO to GRCI Law?

We only advise on data protection, privacy, and cyber and information security, which means our team has the knowledge, experience, and visibility of the latest trends, best practice, developments and challenges.

With a number of life sciences and healthcare clients, we have a wealth of experience in these sectors. We understand the highly regulated nature of these clients and the specialist data privacy needs that apply to them.

Our clients view us as part of their teams and we are known for our pragmatic, commercial advice. We won’t just identify an issue or advise on the law – we provide you with a practical solution to suit your specific needs.

  • Access to a team of expert DPOs and lawyers.
  • Cost savings in recruitment, employment and retention – finding an experienced DPO with the right skill set and experience can be time-consuming and expensive.
  • A service that is flexible to your organisation’s needs, with pricing to match.
  • Sector-specific experience.

What are the requirements of the DPO role?

  • Review and provide guidance on privacy policies, procedures and documentation relating to the processing of personal data – GDPR Article 39(1)(a).
  • Oversee the establishment and maintenance of the personal data processing register (the Article 30 record) – GDPR Article 39(1)(a).
  • Advise on the necessity for a DPIA, the manner of its implementation and outcomes – GDPR Article 39(1)(c).
  • Provide guidance on data breach monitoring, management and reporting – GDPR Article 39(1)(a).
  • Serve as the contact point for data protection authorities for all data protection issues – GDPR Article 39(1)(d) and (e).
  • Provide advice and guidance on responses to privacy rights requests from individuals (information, access, rectification, objection, erasure, data portability) – GDPR Article 38(4).
  • Facilitate GDPR awareness training and the training of staff involved in data processing operations.
  • Monitor compliance with the GDPR – GDPR Article 39(1)(b).

Need more information?

For more information about this service or to get a tailored quote, please enquire below and one of our experts will be in touch shortly.

Why GRCI Law?

Our team of qualified DPOs, lawyers, and cyber and information security experts have decades of experience between them and have advised on, created and delivered effective data protection solutions, including:

  • Privacy and information/cyber security compliance programmes; and
  • Personal data solutions for high-profile organisations, including:
    • Global multinationals;
    • International banks, investment companies and leading law firms;
    • Life sciences and healthcare providers;
    • World-leading educational institutions;
    • The European Council; and
    • UK law enforcement.

  • You will be supported by a dedicated DPO with access to the wider GRCI Law team’s knowledge and expertise.
  • Many of our clients find that they need more support than just a DPO. Our flexible services can grow with your business and adapt to your needs.
