11 September 2019 - GDPR and CTR Interplay. One Year Later. Understandings and Questionings.

Webinar Topic

GDPR and CTR Interplay. One Year Later. Understandings and Questionings.


Webinar Date & Time

11 September 2019 from 10:00 AM to 11:30 AM (CEST)

Webinar Overview

A year ago, the GDPR came into effect. We were told about consent. We knew the consent. The two concepts seemed identical. It would be quite simple to reconcile the GDPR with the CTR.
Then we thought about implementing the GDPR and thought about its concepts. We therefore had to answer the first question in the implementation of the GDPR for clinical trials: what is the legal basis for the processing of personal data? And there, surprise… it was not that clear at all.
Consent is not the lawful basis for the processing of personal data in the processing of clinical trial data? Then we discovered that the consent is the lawful basis, the participating subject would be entitled to request to delete all collected data. This is contradicting the CTR which says that in case of consent withdrawal, collected data must be kept and processed and cannot be removed.
We therefore tried to think a little more and find solutions for the implementation of GDPR for clinical trials. We discovered new legal basis for processing of personal data and found that some of them would be of interest for clinical trials and allowed to reconcile GDPR and CTR.
Since then, the authorities have also helped us to interpret the two regulations.
In mid-January, the European Data Protection Board published a series of questions / answers to better understand the relationship between the two regulations.
At the end of March, the Council of Europe published a recommendation on the protection of health-related data.
This session will provide detailed information on how to interpret GDPR according to CTR and other publications. We will finally cover the future of GDPR implementation for CROs with a Code of Conduct. Indeed, authorities encourage the setting up of code of conducts which would help ensuring interpretation and compliance with regulations in various data processing sectors.

A Code of Conduct would then also help data controllers in setting up confident relations with data processors adhering to the Code of Conduct. Once a Code of Conduct has received approval from the European authorities and once a processor adheres to it, the controller could have a certain level of confidence in the way the processor ensures compliance with regulation.

This session will then also cover the Code of Conduct that is currently being drafted by EUCROF for CROs.




Managing Director of Lambda-Plus.

Thierry LEPOUTRE is the Managing Director of Lambda-Plus. He has the overall responsibilities of operations and R&D. He has more than 15 years of experience in clinical research in various domains such as eClinical, drug supply management and quality and security.

Thierry has graduated with a Master in Computer Sciences from the University of Namur in 1990. He then successfully graduated with a Certificate in Management of Information Security (InfoSafe) from the University of Namur and ICHEC (Brussels) in 2010. He finally successfully graduated with a formal certification in Data Privacy Management (DataSafe) from the University of Namur and ICHEC (Brussels) in 2019.

Attendance Fee

€ 90,- for non-EUCROF members

€ 60,- for EUCROF members

Deadline for registration

10 September 2019

How to register?

1) Go on the REGISTRATION PAGE and click on the green "REGISTER" button

2) Check your order and click on the green "CHECKOUT" button

3) Fill in all the necessary information and validate your order


You will receive 2 confirmation emails:

A) One from Eventbrite with your invoice

B) One from "GoToWebinar" with all the necessary information to connect the D-Day!


Should you have any questions about registration, invoices or connection, do not hesitate and contact us by email at This email address is being protected from spambots. You need JavaScript enabled to view it.

By registering to the webinar, you give your authorisation to the webinar organizers to use your email address and personal information to communicate with you about this event and future initiatives. To stop receiving their communications, please contact the organizers directly at This email address is being protected from spambots. You need JavaScript enabled to view it..