CMR’s commitment to GDPR
The General Data Protection Regulation (GDPR) has replaced the Data Protection Act in the UK and is concerned with the handling and protection of EU citizens' personal data. As many of the GDPR's main concepts and principles are much the same as the current Data Protection Act, CMR, as a data controller, already has in place a robust system for recording, storing and analysing any personal data. Having reviewed the additional elements outlined within the act, we have set out here the steps we've taken to ensure our compliance with GDPR.
- Creative Medical Research ensures that we responsibly collect, record, store and analyse data for the purpose of delivering market research on behalf of clients.
- CMR ensures that all consent that is obtained is verifiable and that we are aware of when and how it was given. As has always been our priority, the significance of consent is made clear to participants, as is the ease with which they may withdraw consent as well as give it.
- All personal data is stored in a secure environment and CMR ensures we have implemented maximum virtual security such as encryption and the necessary firewalls where required. The company has taken measures to ensure the security of any international transfers of data.
- To ensure we may give clients very detailed information, CMR anonymises personal data so that it is not connected to an identifiable person. We never collect any non-essential personal data.
- CMR does work with other data processors where a project requires it. We have written contracts in place with any third party we work with that respect the essential requirements outlined for GDPR compliance. We ensure at all points throughout our collaboration that these contractors adhere to GDPR requirements and therefore will not work with new suppliers who don’t demonstrate their commitment to GDPR.
- Technical measures have been put in place to restrict access to systems holding personal data.
- Storage of any data will be limited to specific time periods, which are outlined within our service agreements with clients and suppliers.
- CMR has implemented processes to adequately facilitate any request for access to or deletion of personal information by the participant. Any paper files are disposed of securely through a third party specifically experienced at disposing of confidential waste.
- CMR has a dedicated Data Protection Officer (DPO) to ensure the company’s adherence to GDPR is maintained to a high level.
- Staff have been trained and made aware of their responsibilities to safeguard the personal data of any participants they are working with and are aware of the designated DPO.
- We have implemented a data breach policy to ensure that, in the unlikely event a breach is identified, the procedure is undertaken to minimise any negative impact.
- We have also updated our privacy policies.
At CMR, we shall consistently monitor the guidance issued by the ICO regarding future additions to the GDPR legislation to ensure we comply with all regulations to the highest standards. If you have any questions about how we store and protect data, please do contact us on +44(0)1473 832211.