Skip to content


  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
  • Email this article
  • View or print a PDF of this page
  • Share further
  • Add this article to your Pinterest board
  • Add this article to your Google page
  • Share this article on Reddit
  • Share this article on StumbleUpon
  • Bookmark this page

Multinational pharmaceutical company: Building greater trust through data privacy

GDPR introduces strict new rules for how companies obtain, store and share personal data. We helped a leading multinational pharmaceutical company get ready for the regulation by implementing a new data privacy framework across the organisation. The new model builds data privacy into everyday processes, so that they can demonstrate to all their stakeholders that it’s serious about managing their personal data.

Key successes included:

  • embedding a new data privacy model organisation-wide within 12 months
  • establishing internal data privacy capability to meet future challenges
  • using agile programme management to reflect evolving GDPR guidance
  • integrating data privacy practices into business as usual.


Sharing our personal data with companies helps them develop the products and services we need. But before we hand our data over, we want to be confident companies will keep it safe. That’s what the EU’s General Data Protection Regulation (GDPR) aims to achieve. It sets out strict rules for how companies obtain, store and share our personal data.

The leading pharmaceutical company has business units worldwide, developing and selling products as diverse as vaccines, medicines and healthcare products to many different types of customer. GDPR meant they needed to be sure every part of this extensive and diverse organisation was collecting, storing and sharing data appropriately. We worked with them to ensure that they adopted GDPR and demonstrated to their stakeholders that they take data privacy seriously.


We put together a diverse team of experts to work alongside their team in partnership to plan and implement an effective data privacy framework and operating model based upon GDPR. Our team included experts in data privacy, project management, IT delivery, policy development, change management and business design.

The first task was to understand the scale of the challenge. As the sheer number of systems and processes affected by GDPR became apparent, we worked with them and their external legal advisors to identify the areas of highest priority and focused our efforts on these first.

Although we put in place a clear plan to deliver the changes required ahead of the May 2018 GDPR deadline, we had to manage the uncertainty that stemmed from the fact that the rules were changing as we delivered the project. That’s because during this time European regulators issued rolling guidance on how GDPR should be implemented in individual countries. Our approach to ‘building the plane while flying’ required flexibility and pragmatism.


We developed the programme to meet the required timescales, ensuring we helped them set up an internal capability to address data privacy issues across their global business in the future. This included helping onboard over 50 new team members. The new capability means they are well placed to manage the privacy risks from new digital technologies such as Artificial Intelligence as they emerge.

Our work helps them achieve GDPR compliance as efficiently as possible. Data privacy practices are integrated into ‘business as usual’ processes and designed into any new projects and activities. For our client, complying with GDPR has become about much more than avoiding fines for non-compliance. Their commitment to looking after stakeholder’s personal data is reinforcing stakeholder trust and helping it build loyalty and competitive advantage in global pharmaceutical markets.

Contact the GDPR team


By using this website, you accept the use of cookies. For more information on how to manage cookies, please read our privacy policy.