Privacy and data protection
With extensive experience as a Data Privacy Specialist and Data Protection Officer (DPO) in the fertility sector, the pharma industry and various consultancy environments, I have a strong track record of implementing and managing information security/privacy management systems (e.g. ISO 2700x, 277xx, 29100) in full compliance with applicable legislation across jurisdictions, including the EU, UK, and US.
I have overseen all aspects of privacy and information security in complex operational settings involving diverse categories of data subjects, large volumes of sensitive personal data, numerous vendors and processors, and intricate data processing activities – ranging from tissue and cell donation to assisted reproduction, pharmaceutical development/surveillance, and scientific research.
By aligning business processes, IT security, and employee conduct with stakeholder expectations and legal requirements, I have consistently helped organizations ensure regulatory compliance, build trust with clients and partners, and strengthen their overall reputation.
I hold multiple certifications in data privacy law and management, including CIPP/E, CIPM, IAPP Fellow of Information Privacy, and GDPR Master Class. I also have practical expertise in governance, risk, and compliance (GRC) software solutions, including certification as a OneTrust Privacy Technology Fellow. My work has involved close collaboration with data protection experts at leading law firms such as Bech-Bruun, Accura, and Plesner.
I am an active member of several professional forums and knowledge-sharing platforms, including the International Association of Privacy Professionals (IAPP), OneTrust DataGuidance, and the DPO Association of Denmark. I regularly participate in conferences, networking events, webinars, and training activities to stay current with industry developments.
Based on this experience, LHR Consult offers the following services:
- Advising on information security and national/global privacy law (EU, UK, US etc.) incl. sector-specific law (healthcare, pharmaceuticals, tissue/cells, assisted reproduction, record keeping, scientific research, labor law, bookkeeping, marketing etc.), guidelines, standards and frameworks (e.g. ISO, NIST and COBIT) etc.
- Gap/maturity analysis and auditing against current local/national requirements and frameworks.
- Risk assessment of all business areas (e.g. PIA/DPIA and ISO 29134).
- Mapping of asset inventories, context and purpose, data types/sources/flows, ownership, recipients/transfers, storage/retention schedules, security measures, local/national requirements (e.g. EU, UK, US) etc.
- Data lifecycle management (discovery, classification, collection, validation, quality, analysis etc.) incl. data-driven insights across the organisation.
- Identifying, implementing and analyzing physical, organizational, behavioral and technical security measures/controls/metrics/KPIs (Annex A controls/“Statement of Applicability” etc.), regarding trending, return on investment (ROI), business resiliency, program maturity etc.
- Anchoring business ethical thinking when working with artificial intelligence, biometrics, genetic screening, portable biosensors, whistleblowing, drug testing/monitoring, transfers, secondary use of data, etc.
- Implementing and operating information security and privacy management systems/frameworks (ISO 2700X/277XX/29100 etc.), incorporating common privacy principles and concepts (privacy by design/default etc.), establishing responsibilities, reporting structures and communication with internal/external stakeholders.
- Aligning approaches with the organizational culture, needs of stakeholders (sponsor, CRO, clinic, laboratory, investigator, client/patient etc.) and the broader business objectives and goals – ensuring flexibility when incorporating legal, market and business requirements.
- Implementing and operating “Governance, Risk and Compliance (GRC)” software tools (OneTrust, ComplyCloud etc.).
- Acting as Chief Privacy Officer, Data Protection Officer (GDPR Art 37), EU Representative (GDPR Art 27) etc.
- Preparing privacy and information security policies, operating procedures, templates, flow diagrams, annual compliance wheel etc. (subject’s rights, transfer/sharing, processors, incidents/breaches, retention, business contingency/continuity, acceptable use, direct marketing, HR, cookies, consent, privacy notices etc.).
- Facilitating training and awareness activities for employees, partners and other stakeholders (privacy, information-/IT- and cyber security, ePrivacy, business ethics etc.).
- Managing subject’s rights, inquiries, complaints and contact with supervisory authorities.
- Third-party vendor/processor management – due diligence, contracts/SCCs, monitoring and auditing, assessment of assurance reports (e.g. ISAE 3000/3402 and SOC 2) etc.
- Management of international data transfers (transfer tools, SCCs, European Essential Guarantees, TIA etc.).
- Managing deviations, incidents and security breaches (identification, registration, root cause analysis, reporting, corrective/preventive measures, trending etc.).
- Liaising and sparring with local/national supervisory authorities (registration, reporting, complaints, inspection, interpretation of legal requirements etc.).
- Identifying and managing challenges and opportunities to continuously improve frameworks and programs (digitisation, automation, cloud solutions, GRC tools etc.).
Assignments related to Tissues & cells and Quality management may well be combined with those mentioned above. For more information – see relevant sub-menus under “Services”.