Ask the Expert: EU Data Protection

News
Video

In this episode of the Ask the Expert video series, Susan J. Schniepp, distinguished fellow at Regulatory Compliance Associates, and Siegfried Schmitt, PhD, vice president, Technical at Parexel, discuss EMA’s revised guidelines on data protection in marketing authorization applications.

The European Medicines Agency (EMA) announced in December 2024 that the agency and the Heads of Medicines Agencies (HMA) have revised their guidance on identification of commercially confidential information (CCI) and personal data used in marketing authorization applications. The revision was done as part of the agency’s commitment to transparency in the disclosure of information in response to access-to-document requests and the publication of data for authorized medicines (1).

In this episode of the Ask the Expert video series, Susan J. Schniepp, distinguished fellow at Regulatory Compliance Associates, and Siegfried Schmitt, PhD, vice president, Technical at Parexel, discuss the impact of the revised guidelines and what manufacturers should do to secure such data.

“It was always felt that one should not have concerns when sending anything to the agencies such as the European Medicines Agency, or any agency within the European Union or the European Economic Area, because you would think that they understand what is confidential and what is not; however, this document is really a wakeup call, as the agencies only feel obliged to not disclose anything that is blindingly obvious secret, such as the manufacturing formula,” Schmitt says.

“So, this is completely different to what most companies had in the back of their mind. There are perhaps less obvious data in an application that could potentially cause enormous harm to the applicant if they were disclosed. For example, the listing of the clinical study sites and the names and contact details of the principal investigators; competitors could try and poach the patients and/or the investigators. The guidance only says that such data and information may be considered secret, but it doesn't say it is secret,” Schmitt explains.

Click the video above to watch Sue and Siegfried answer the following question:

“Our company handles a variety of personal data in our regulatory applications, and we saw that EMA has revised guidelines on the use of personal data in applications. What should we focus on when securing these data?”

*Scroll below for a full transcript of the video.

Reference

1. EMA. A Common EU Approach to Data Transparency in Medicine Regulation. Press Release. Dec. 18, 2024.

About the experts

Susan J. Schniepp is distinguished fellow at Regulatory Compliance Associates and a member of Pharmaceutical Technology®'s Editorial Advisory Board.

Siegfried Schmitt is vice president, Technical at Parexel and a member of Pharmaceutical Technology®'s Editorial Advisory Board.

Ask the Expert Video Series

Welcome to the Ask the Expert video series. This series is an extension of the PharmTech Group’s long-running print column in which industry experts answer common quality and regulatory questions from the industry. This new video series will expand on topic areas to include development and manufacturing concerns to help those working in the industry better understand bio/pharmaceutical requirements. Have a question you would like answered? Send it to PTProjects@mmhgroup.com, and it may appear in a future episode or print column.

We hope you enjoy the discussion!

Transcript

Editor's note: This transcript is a direct, unedited rendering of the original audio/video content. It may contain errors, informal language, or omissions as spoken in the original recording.

Welcome to the Ask the Expert video series, brought to you by Pharmaceutical Technology, pharmaceutical Technology, Europe, and Biopharm International. This series is an extension of the pharmaceutical technology groups long running print column in which industry experts answer common quality and regulatory questions.

This new video series will expand on topic areas and development and manufacturing concerns to help those working in the industry better understand biopharmaceutical requirements. We hope you enjoy the discussion.

So thanks very much again for joining me today, Sue and Siegfried. It's great to have you on as always. for our ask the Expert series, we've got a question here from one of our viewers and they are asking, that their company handles a variety of personal data in their regulatory applications, and they have seen that the EMA, the European Medicines Agency has revised the guidelines on the use of personal data in applications.

So what should they focus on when securing such data? So you see in the minds of many a company, anything that is in a dossier, IE an application to the regulators is by default, confidential, and must not be disclosed by the agencies. it was always felt that one should not have concerns when, sending anything to the agencies such as the European, medicines Agency.

so any agency within the European Union or the European economic area. Because you would think that they understand what is confidential and what is not. However, this document is really a wake up call as the agencies only feel obliged to not disclose anything that is blindingly obvious secret, such as the manufacturing formula.

So, this is completely different to what most companies had in the back of their mind. So there are perhaps less obvious data in application that could potentially cause enormous harm to the applicant if they were disclosed. So take for example, the listing of the clinical study sites. The names and contact details of the principal investigators, competitors could try and poach the patients and or the investigators.

The guidance only says that such data and information may be considered secret, but it doesn't say it is. Secret. anything you would like to add, Sue? I think it segues nicely into, if that information is, Siegfried said the clinical trial directors got out. There. My company is interested in cybersecurity and I think that there are a lot of scams that are using AI now in replicating voices.

And if you have, you know, a conference attendee, who's referenced in your application and they speak at a and you can see how that can go down a little rabbit hole. But, I think a lot of the concern has to do with what Siegfried, mentioned. It's protecting, the company. In a little bit stronger way and preventing some of these, sophisticated cyber, attacks that are going on all over the place.

What you just said, that the company needs to be protected. Absolutely. And you see, I believe that in many regulatory affairs departments who put together these submissions, they aren't really fully aware of these risks. don't really know how to take appropriate precautions. And when I say precautions, what I mean by this is.

To have a procedure in place that identifies what is actually commercially confidential information and personal data in an application. So this procedure then needs to provide instructions what information and data can and should be included in the application in the first place. If you can leave it out even better, then furthermore.

As regulators now demand that the applicant provides an acceptable reasoning why certain information or data should not be disclosed, then the company should have already made templates, reasoning text in place. So you need to have instructions, you need to have a procedures manual, so to speak.

And of course, people need to be trained in this. Yes, absolutely. So I think the, the key point here for companies is that you want to be proactive. You don't want to be reactive or it was be unprepared altogether. So you don't want to be caught off guard by an agency telling you, well, no, we don't accept that.

You just tell us. It's in your view, in your view, confidential. You don't give us a good reasoning, so be ready for it. Okay. And perhaps one aspect that this document doesn't really address is what about the correspondence between the applicant . And the agency in relation to a submission?

Have to be disclosed if someone applies for it or not. Do we now have to do this similar thing as you already do in the US and STEM every document as private and confidential to be disclosed? Perhaps this is something that has to happen, so maybe we have more of a similar approach in future in Europe, as you already have in the us.

I think it's all about protection, further protection, for the companies really is what is and for the employees too, right? It's protection for the employees in the company and that's really what we need. So it needs more awareness and that is clearly the message from us. Yes, absolutely. Perfect.

Thank you both. It's been great talking to you.

You have been listening to the pharmaceutical technology groups ask the expert video series. If you enjoyed this episode, please share with other colleagues who may find it interesting. If you have a particular query you would like to submit to be used in an upcoming episode, please send it into our editorial team.

More information about how to connect with our team can be found on our websites, farm tech.com and biopharm international.com. Thanks to everyone for joining us for this video series. We'll look forward to seeing you next time.

Recent Videos
Behind the Headlines, Episode 18
Drug Digest: Patient Preference Drives Solid Dosage Trends
Behind the Headlines, Episode 17
Related Content
mainz,Rhineland-Palatinate /germany - 16 07 2022: the biontech company building and flags in mainz germany | Image Credit: © Tobias Arhelger - stock.adobe.com

CureVac to Be Acquired by BioNTech in $1.25B Deal to Advance mRNA Cancer Therapies

Christopher Cole
June 12th 2025
Article

The acquisition boosts BioNTech’s mRNA design and manufacturing capabilities, accelerating development of next-gen cancer immunotherapies.

Drug Solutions Podcast: Growth and Advancements in Fill/Finish

Drug Solutions Podcast: Growth and Advancements in Fill/Finish

Felicity Thomas
June 25th 2024
Podcast

In this episode, Hanns-Christian Mahler from ten23 Health chats about the advances in fill/finish.

Darmstadt, Germany - November 10, 2021: A building at the headquarters of science and technology company Merck KGaA. | Image Credit: © Anne Czichos - stock.adobe.com

MilliporeSigma and Simtra Launch Five-Year Agreement for Drug Substance, Drug Manufacturing Services

Patrick Lavery
June 11th 2025
Article

The agreement has been designed to offer a turnkey service to companies seeking faster time to market.

Drug Solutions Podcast: All About Data: Looking at the EHDS in More Detail

Drug Solutions Podcast: All About Data: Looking at the EHDS in More Detail

Felicity Thomas
May 28th 2024
Podcast

In this episode, Alexander Natz from EUCOPE chats about the European Health Data Space.

Logo of Merck KgA, Merck is a German multinational science and technology company. | Image Credit: © Robert - stock.adobe.com

China’s NMPA Approves Merck KGaA Treatment for Tenosynovial Giant Cell Tumor

Patrick Lavery
June 10th 2025
Article

NMPA’s Center for Drug Evaluation accepted Merck KGaA’s application for marketing authorization of pimicotinib as a Class 1 innovative drug for adult patients with TGCTs that require systemic treatment.

Washington, DC, USA - June 24, 2022: The symbol of the U.S. Department of Health and Human Services is seen at the entrance to its headquarters in the Hubert H. Humphrey Building in Washington, DC | Image Credit: © Tada Images - stock.adobe.com.

Implications of RFK Jr.’s CDC Vaccine Committee Overhaul for the Pharmaceutical Industry

Christopher Cole
June 10th 2025
Article

The dismissal of all 17 members of the Advisory Committee on Immunization Practices has far-reaching impacts for the industry and beyond.