In September 2020, I launched my own consulting company (https://lhr-consult.dk/), to offer legal advice, quality management and administration of data protection/GDPR within the healthcare business (tissues and cells, fertility/assisted reproduction etc.), life science (clinical trials, pharmacovigilance, manufacturing etc.) and other academic disciplines of the public/private sector.

Key responsibilities involve:

• Legal advice, quality management and administration of data protection/GDPR.

As Quality Manager, I was responsible for ensuring that company products, services and know-how met the necessary set of standards based on regulatory requirements, customer expectations and other stakeholder’s wishes.

Key responsibilities involved:

• Mapping of data/dataflows, systems, processes, responsibilities, risks, quality controls and indicators etc.
• Preparing, implementing and maintaining of a quality management system (EU/GxP, ICH, WHO, ISO 2700X/900X mv.).
• Defining and deployment of a data quality/data governance framework (securing confidentiality, integrity, availability etc.), to ensure better data analytics, decision making, operations support and mitigate ambiguity and misuse (ISO 8000).
• Preparing of company quality documents (Quality Manual, policies, SOPs, terms & conditions etc.).
• Acting as Quality Responsible/quality point of contact.
• Preparing, concluding and maintaining of third-party agreements/contract management (general practitioners, test laboratories, fertility clinics etc.).
• Providing legal advice on tissues and cells activities such as procurement, analysis, processing, qualification, coding, preservation, storage, release, sale, distribution/export, import, recall, genetic matching, assisted reproduction, scientific research etc. (DPSA, DHA, SSI, NVK, HFEA, BGV, ECDC, EU/GxP, OECD, WHO etc.).
• Providing legal advice on patient rights, healthcare professionals’ duties/rights, authorization, record keeping, reporting obligations etc.
• Planning, implementing and driving the processes of risk management incl. identification, performing of qualitative/quantitative analyses and risk reports, monitoring and controlling – and proactively developing risk mitigation actions regarding cross contamination, mix-up’s etc. (EU/GxP, ICH, ISO 27005/31000).
• Determining, measuring, analyzing, evaluating and monitoring of key/quality indicators (KPIs) to demonstrate performance.
• Managing of integrated business processes across the supply chain (supply chain management).
• Identifying and managing challenges and opportunities incl. optimizing of processes/systems according to annual compliance schedule, change requests etc., through digitation/automation solutions, integration of controls etc. (e.g. biometrics and digital photo match).
• Ensuring that initial and continuous training programs are implemented and maintained – and providing stakeholders with the required resources, training, awareness activities and authority.
• Preparing, executing and hosting of- as well as follow up on internal audits and government inspections (ISO 900X/19011).
• Registrating, assessing and reporting of incidents, deviations, complaints etc. – incl. root cause analysis, establishing, implementing and evaluating the effect of corrective/preventive actions (CAPAs)/remediation, trend analyses etc. (EU/GxP etc.).
• Assessing of laboratory kits, methods and results, diagnostic window periods etc.
• Monitoring of threats from new infectious diseases (e.g. SSI, ECDC, WHO, CDC).
• Implementing safety and precautionary measures, e.g. air quality (particle/microbial counts etc.), use of cell culture media, aseptic/sterile production, personal protective equipment, biohazardous waste, liquid nitrogen/gas alert detectors, blood sampling, cleaning, hygiene and sanitation etc. (e.g. EU/GxP, OECD, WHO).
• Calibrating, qualifying, monitoring and maintaining of laboratory/cryogenic equipment incl. reviewing and assessing of validation-, service- and inspection reports, certificates of analysis, package inserts, user manuals, accreditations etc. (e.g. EU/GxP, OECD, WHO).
• Liaising and sparring with fertility clinics, sperm banks, service providers and other stakeholders.
• Coordinating and promptly performing any recall operations and approving returns to saleable stock.
• Liaising and sparring with competent authorities (e.g. registrations, applications/permits, reporting, hearings, notifiable diseases, scientific research and legal interpretations).
• Preparing and managing of staff records (CV, job description, training log etc.).
• Product development (e.g. exclusive- and known donor, gamete/embryo storage, home insemination, sperm analysis, genetic counselling/matching and services related to donor-donor child contact).
• Start-up of new tissue centers, donation sites etc.
• Coordinating with stakeholders, specialists and staff to enhance procedures, operations and regulatory compliance.
• Monitoring of national, EU and international legislation and ensuring compliance with regulatory requirements (e.g. DPSA, HFEA, BGV, SSI, NVK).

As the DPO/GDPR Specialist (DK, UK and DE), my primary job was to ensure that personal data on staff, customers, donors or any other data subjects – was managed in accordance with applicable data protection rules, e.g. the General Data Protection Regulation (GDPR) and national Data Protection Acts.

I hold a number of certificates in data protection law (e.g. GDPR Master Class) and have worked closely with personal data specialists in law firms such as Bech-Bruun, Accura and Plesner. In addition, I am a member of various GDPR knowledge-sharing platforms (e.g. the Danish DPO Society, Plesner’s LegalHub and Bech Bruun Academy) and continuously take part in various network meetings, webinars and other activities.

Key responsibilities involved:

• Mapping of data/dataflows, systems, processes, responsibilities, privacy risks/controls etc. (incl. Record of Processing Activities).
• Planning, implementing and driving the processes of risk management, including identification, performing qualitative/quantitative analyses and risk reports, (e.g. Data Protection Impact Assessment/DPIA (ISO 29134)), monitoring and controlling – and proactively developing risk mitigation actions (e.g. EU/GxP, ICH, ISO 27005/31000).
• Preparing, implementing and maintenance of an ISMS/GDPR compliance-package (ISO 2700X/27701/29100).
• Defining and deployment of a data quality/data governance framework, securing confidentiality, integrity, availability etc. (ISO 8000).
• Acting as Data Protection Officer/DPO (GDPR Art 37).
• Preparing of roadmap of activities required to anchor GDPR compliance in company products and activities.
• Drafting, editing, amending and updating of ISMS/GDPR documentation within all aspects of regulatory compliance (e.g. IT policy, privacy policy, cookie policy, retention policy, SOPs, contracts and consent forms).
• Identifying and managing challenges and opportunities incl. optimizing of processes/systems according to annual schedule, change requests etc., through digitation/automation, integration privacy controls etc. (e.g. biometrics and digital photo match).
• Providing legal advice, training and awareness activities related to information security, the GDPR, best practices/standards, special law (business, tax, employment, health etc.), IT- and cyber security, ePrivacy, data ethics, digital responsibility etc. (national Data Protection Agencies, EDPB, Agency for Digitisation, CFCS, ENISA, ISO, CIS/SANS 20, NIST 800-53, ISACA/COBIT 5 and ISF).
• Assessing/auditing of data processors (ISO 27001, SANS/CIS 20 etc.), preparing of Data Processing Agreements, assessing of assurance reports (e.g. ISAE 3000/3402, SOC 1/2) etc.
• Managing of data subject rights (withdrawal of consent, erasure/backup issues etc.), requests, complaints etc.
• Managing of third-country transfers, SCCs, cloud service-issues, supplementary measures etc.
• Registrating, assessing and reporting of data breaches – incl. root cause analysis, establishing, implementing and evaluating the effect of corrective/preventive actions (CAPAs), trend analysis etc. (EU/GxP etc.).
• Preparing, executing and hosting of- as well as follow up on internal audits and government inspections, consolidating compliance with legal/internal requirements (ISO 19011).
• Managing other GDPR activities (related to marketing, data retention, scientific/statistical research etc.).
• Determining, measuring, analyzing, evaluating and monitoring of key indicators (KPIs) to demonstrate performance.
• Carrying out controls in accordance with annual wheel of activities.
• Liaising and sparring with national/international supervisory authorities (registrations, applications, reporting, complaints, interpretation of the law etc.).
• Monitoring of regulatory requirements, guidelines, etc. and ensuring "compliance" accordingly.
• Maintaining a current understanding of the IT threat landscape and acquiring knowledge about new IT solutions, processes and methods through competence development, training and participation in relevant events etc. (e.g. data management, AI, cloud technology).

As the RP (Danish Tissue Order §4/5), I was responsible for ensuring, that all licensed activities were conducted with proper regard for the regulatory framework, governing treatment and research involving gametes/embryos (i.e. to ensure patients received the highest quality of treatment).

Key responsibilities involved:

• Ensuring that staff were qualified and had the necessary training and experience to perform their role.
• Ensuring clear responsibilities, roles and systems of accountability to support good governance.
• Ensuring that activities were carried out on suitable premises and that the company used proper equipment (e.g. EU/GxP, WHO, OECD).
• Ensuring that proper arrangements were made for the keeping and disposal of gametes/embryos.
• Ensuring that suitable practices were used in the course of the company’s activities (e.g. EU/GxP, ICH, WHO, OECD, ISO 900X/2700X).
• Ensuring that conditions of the license were complied with.
• Ensuring that conditions of third-party agreements relating to the procurement, testing, processing or distribution of gametes/embryos were complied with.
• Ensuring that appropriate actions were taken following feedback from the Danish Patient Safety Authority (DPSA), staff and patients. This included taking action on outcomes of inspections, audits, incident investigations, patient complaints and feedback.
• Ensuring that data about certain specified activities and register data were reported to the DPSA accurately and in a timely manner.
• Ensuring that paperwork, fees and data were submitted to the DPSA in a timely manner.
• Ensuring that the company’s staff co-operated fully with inspections and investigations by the DPSA.
• Ensuring that requests for information and/or documents from the DPSA were responded to promptly.
• Ensuring that areas for improvement were identified and changes were successfully implemented (to deliver improvements).

Recruited as a consultant to cooperate with the Qualified Person for Pharmacovigilance (QPPV) to ensure and monitor drug safety.

Key responsibilities involved:

• Preparing of GAP-analysis, risk assessment and resource estimation to implement new PV legislation.
• Preparing of PV System Master File.
• Ensuring that local business alliance and third parties PV-agreements are in place, up to date and followed as required.
• Ensuring conduct of pharmacovigilance and submission of all pharmacovigilance-related documents in accordance with the legal requirements and Good Vigilance Practice.
• Overseeing the safety profiles of marketed drugs and any emerging safety concerns.
• Input to the EURD-list.

As a Pharmacovigilance Officer, I was responsible for monitoring and reporting the effectiveness and side effects of marketed drugs in the general population.

Key responsibilities involved:

• Drug safety surveillance (especially ATC codes A08-A16, D10, G02-D04).
• Assessing of PSURs/RMPs, ADRs, drug interactions, scientific literature etc. and flagging up early warning signs.
• Addressing requests from consumers, HCPs, MAHs, NCAs, the Ministry of Health and the EMA
• Managing of Safety Alerts, Dear Doctor Letters etc.
• Preparing of quality documentation (SOPs, instructions etc.).
• Preparing of newsletters, PV updates, homepage updates etc.
• Training of staff.

As part of Global Patient Safety, I was responsible for surveilling the safety of pharmaceutical products.

Key responsibilities involved:

• Registrating, assessing, unblinding, reporting etc. of ICSRs (EV Gateway).
• Maintaining of drug safety database (ARISg).
• Acting as point of contact for safety queries and support affiliate personnel.
• Communicating with healthcare professionals, business partners etc.
• User Acceptance Testing (E2B Gateway) etc.
• Training of staff.

As a contract research organization (CRO), Medicon A/S provided support to the pharmaceutical industry in the form of research activities etc. - outsourced on a contract basis. During my time as Safety Officer, I was overall responsible for pharmacovigilance of drugs tested in clinical trials (phase I-III) and played a key role in the success of the company.

Key responsibilities involved:

• Registrating, assessing, coding, unblinding and reporting of SAEs from clinical trials (EV Web).
• Preparing of narratives, query-forms, CIOMS-reports, Annual Safety Reports etc.
• Safety surveillance/signal detection.
• Maintaining telephone helpline (counseling/guidance on drug effects & safety).
• Communicating with clinical research associates, investigators and other healthcare professionals, sponsors, committees (e.g. DMC and Critical Event Committee) and competent authorities.
• Training of investigators, study nurses etc.
• Medical writing (ICTR, protocol etc.).
• Preparing of quality documentation (SOPs, instructions etc.).
• Preparing of PV-agreements and other sponsor-related documentation.
• Translating of medical information (patient journals, epicrises, medical examinations etc.).
• Participating in trial designing.
• Searching for and assessing scientific literature (sponsor products).
• Monitoring national, EU and international legislation and ensuring compliance with regulatory requirements.
• Acting as external consultant.

Acting as a consultant from Medicon A/S, I assisted in executing various affiliate-related pharmacovigi-lance activities in close collaboration with Global Patient Safety.

Key responsibilities involved:

• Registrating, assessing, unblinding, reporting etc. of ICSRs (EV Gateway).
• Maintaining of drug safety database (Oracle ARGUS).
• Managing of drug safety mailbox
• Acting as point of contact for safety queries and support affiliate personnel.
• Communicating with Global Patient Safety, consumers, business partners etc.

Acting as a consultant from Medicon A/S, I assisted in the safety evaluation and surveillance of pharma-ceutical products – marketed and in clinical development.

Key responsibilities involved:

• Registrating, assessing, unblinding, reporting etc. of ICSRs (EV Gateway)
• Maintaining of drug safety database (ARISg)
• Acting as point of contact for affiliate safety queries and support affiliate personnel.
• Communicating with health care professionals, business partners etc.

Providing support to the safety manager, clinical study team and other line functions in managing and monitoring the safety of pharmaceutical drugs.

Key responsibilities involved:

• Monitoring the safety profile of pharmaceutical drugs.
• Registrating, assessing, unblinding, reporting etc. of ICSRs.
• Providing responses to inquiries from regulatory authorities, healthcare professionals and consumers.
• Interfacing with the clinical team and coordinating with other line functions for associated activities such as updates, analysis of datasets and ongoing tracking of commitments and effectiveness measures.
• Assisting in the preparation of safety documents (e.g. Annual Safety Update Report, Investigator’s Brochure, safety instructions).
• Providing support for licensing activities, inspections, audits and project recall activities.
• Assisting with project activities on an ad hoc basis.
• Monitoring national, EU and international legislation and ensuring compliance with regulatory requirements.

I helped to prepare, coordinate and oversee the execution of clinical trials of pharmaceutical drugs.

Key responsibilities involved:

• Preparing trial-related documentation (protocol amendments, patient information etc.)
• Managing case record- and query forms, batch journals, certificates of analysis, study medication logistics etc.
• Coordinating the collection, distribution and storage of data obtained during clinical trials.
• Participating in review of clinical study protocols reports.
• Communicating with Novartis Healthcare HQ, contract research organizations, investigators and other healthcare professionals.

Maintenance of processes to ensure that company products were safe and legal, met customer expectations and complied with regulatory requirements.

Key responsibilities involved:

• Preparing document packages for regulatory submissions (e.g. license renewals, annual registrations and variation applications) to ensure compliance with regulatory requirements.
• Maintaining and updating information about global regulatory requirements.
• Responding to customers and/or authorities requests/inquiries dealing with regulations and product compliance.
• Maintaining of product database.
• Reviewing of product labelling and marketing materials for regulatory compliance.
• Translating of product documentation such as Summery of Product Characteristics, Package Insert Leaflets etc.