Personal data has always had an important role in the pharmaceutical industry. In the 21st century, handling personal data represents an essential part of many pharmaceutical operations, e.g. clinical research, client outreach and marketing. However, personal data regulations have become more and more stringent  and that is why we have summarised the main personal data regulations that pharmaceutical companies in Europe must comply with.  


General Data Protection Regulation (GDPR)


Today, the number of international laws which implement greater restrictions on personal data usage, is increasing. Since May 25th 2018, GDPR applies to all  organisations in the European Union and  organisations that target EU consumers. In addition to the rights that were established under the EU Data Protection Directive, GDPR requires that pharmaceutical companies inventory their information and document the legal basis for using personal data. To avoid fines, pharmaceutical companies are required to obtain informed and freely given consumer consent. Furthermore, the consent must involve specific information about secondary uses of data, e.g. the use of clinical data in the pharmaceutical industry. Furthermore, according to GDPR, EU data subjects are permitted to apply for their “right to be forgotten”, which enables them to be erased from collected data.


European Medicines Agency (EMA)

The mission of the European Medicines Agency (EMA) is to foster scientific excellence in the evaluation and supervision of medicines, for the benefit of public and animal health in the European Union (EU). The EMA is committed to enabling timely patient access to new medicines, and plays a vital role in supporting medicine development for the benefit of patients. The EMA’s scientific committees provide independent recommendations on medicines for human and veterinary use, based on a comprehensive scientific evaluation of data. The Agency’s evaluation of marketing-authorisation applications submitted through the centralised procedure provide the basis for the authorisation of medicines in Europe.

They also underpin important decisions about medicines marketed in Europe, referred to the EMA through referral procedures. The EMA coordinates inspections in connection with the assessment of marketing-authorisation applications or matters referred to its committees. The EMA continuously monitors and supervises the safety of medicines that have been authorised in the EU, to ensure that their benefits outweigh their risks.


The Agency works by: 

  • developing guidelines and setting standards, 
  • coordinating the monitoring of pharmaceutical companies’ compliance with their pharmaco-vigilance obligations; 
  • contributing to international pharmacovigilance activities with authorities outside the EU, 
  • informing the public on the safety of medicines and cooperating with external parties, in particular representatives of patients and healthcare professionals. 

The UK Data Protection Act 1998

In the United Kingdom, the DPA governs the processing of personal data and implements EU Directive 95/46/EC (the Data Protection Directive). The UK Data Protection Act (DPA) 1998 was based on the European Union (EU) Data Protection Directive 1995 (Directive 95/46/EC) and regulates the way in which personal data must be processed by organisations. It provides the right of the data subject to be informed when his/her data is being processed. In 2013, the Association of the British Pharmaceutical Industry (ABPI) Pharmacovigilance Expert Network (PEN) group, together with PIPA and a legal team (a membership-based forum organisation for in-house counsel and compliance personnel), put together “Guidance notes on UK data protection in post-marketing pharmacovigilance”, to help companies meet their data protection obligations under the UK Data Protection Act 1998.


The Medicines and Healthcare products Regulatory Agency

The Medicines and Healthcare products Regulatory Agency regulates medicines, medical devices and blood components for transfusion in the UK. Recognised globally as an authority in its field, the agency plays a leading role in protecting and improving public health and supports innovation through scientific research and development. It is responsible for enforcing European drug approval regulations within the UK, ensuring that drugs are safe and effective.

The National Health Service (Pharmaceutical and Local Pharmaceutical Services) Regulations

These regulations reflect the new NHS architecture, in which the NHS Commissioning Board (NHSCB)  is responsible for maintaining pharmaceutical lists, and the Health and Wellbeing Boards (HWB) are responsible for developing and publishing the Pharmaceutical Needs Assessments, which are used in the determination of routine applications for new pharmacies. It incorporates the market entry provisions, rural dispensing regulations, the Terms of Service under the community pharmacy contractual framework and Fitness to Practise provisions for pharmacy contractors.

In most regions pharmaceutical companies must follow with Good Manufacturing Practice (GMP), Good Documentation Practice (GDP), Good Laboratory Practice (GLP) and Good Clinical Practice (GCP). Companies need to be able to ensure data integrity and product integrity, or else they put patients at risk and face costly regulatory violations – penalties can include not only heavy fines, but also banned products. 


  • Good Manufacturing Practice (GMP) is a system for ensuring that products are consistently produced and controlled according to quality standards. It is designed to minimize the risks involved in any pharmaceutical production that cannot be eliminated through testing the final product. 
  • Good Documentation Practice (GDP) is essential for the integrity of data collection. Following GDPs assures preventing errors within the manufacturing environment and during the analysis of pharmaceutical products which in turn assures product quality, and safety of the patients. 
  • Good laboratory practice (GLP) assures the quality and integrity of non-clinical laboratory studies that support research of products regulated by government agencies. An important component is Quality Assurance unit (QA), which verifies that all written procedures are followed throughout the study. 
  • Good Clinical Practice (GCP) is a standard for clinical studies, controlling the design, monitoring, termination, audit and documentation of the studies. It also protects human rights for the subjects and volunteers in a clinical trial.

Have  we missed an important institution that should have been  mentioned above? Let us know in your comments and we’ll include it.