Join us on the 12th April for our live webinar! Marketing of Pharmaceutical Drugs & Interactions with Healthcare Professionals in a Digital Era.

Find out more

Data Privacy

Helping You Navigate Complex Data Rules

If you hold details on employees, customers or suppliers you are likely to hold personal data, and must ensure you collect, control, process, store and delete such personal data in accordance with legal requirements.

Streamlining Data Privacy Processes – Bespoke Data Privacy Support

At LS Law we devise streamlined processes and policies to ensure personal data is handled compliantly, whether that’s drafting a privacy policy, a form of consent, or advice on how to handle personal data.

In the UK and Europe, the General Data Protection Regulations (GDPR) must be adhered to. In other global jurisdictions, data privacy legislation may also apply.

Global Data Privacy Legal Support

We have extensive experience with privacy and data protection, including the General Data Protection Regulations (GDPR), and other legislative regimes concerning data privacy across the globe, including the EU-US Data Privacy Shield.

Interactions with individuals are central to the activities of the life science industry, and so ensuring the company has appropriate safeguards in place, data privacy policies, and the correct contractual clauses are used, and ensuring you have a lawful basis to process personal data is critical.

Data Privacy Parameters

We support our clients on a variety of topics including: 


  • Promotional and Non-Promotional Events & Activities
  • Clinical Trials
  • Big Data Analysis
  • Healthcare Research
  • International Third Party Data Transfers
  • Whistleblowing Schemes
  • Data Subject Access Requests
  • Data Privacy Impact Assessments

Data Privacy Safeguards

We help our clients to understand the applicable legal framework, and the measures which need to be taken to ensure compliance with data privacy regulations including:


  • Ascertaining Data Controller -v- Data Processor Status
  • Data Processing Agreements
  • Joint Controller Arrangements
  • Data Transfer Agreements
  • Setting Up Data Processing Registers
  • Drafting Data Privacy Policies
  • Carrying out Data Privacy Audits
  • Data Retention Policies and Procedures

Data Privacy Officer (DPO)

In a number of jurisdictions, it is a requirement to engage an independent data privacy officer; a support function we can provide, through our Data Privacy Officer Subscription Service.

The advantages of engaging an external data privacy officer are clear to see.

Pros and Cons of Internal vs External Data Privacy Officers (DPOs)

When considering the appointment of a Data Privacy Officer (DPO), organisations face the decision of choosing between an internal or external DPO. Each option has its unique advantages and disadvantages, impacting factors such as cost, expertise, and operational efficiency. Below, we outline the key pros and cons to help you make an informed decision.

Internal DPO


  • Knows the business very well
  • On-site presence
  • Opportunity for internal promotions
  • Chance for growth within the company


  • Termination can be complicated
  • Potential conflicts of interest
  • Workload issues if the DPO has another “day job”
  • Additional cost if a new headcount is required
  • Cost of training and potential lack of expertise
  • External DPO

External DPO


  • Senior privacy experts with specialised knowledge
  • Termination is straightforward
  • Reduced cost compared to hiring internally
  • Team support available
  • Specialist support provided
  • Reduced risk of conflicts of interest


  • Not available on-site 24/7
  • Separate cost for the service

Discuss your data privacy challenges with one of our experts

We are ready to discuss your challenges and would be delighted to help you identify an optimal solution, and a practical course of action to get you there.

Book a call for data privacy support