Case Study
Karuna
Transforming Data Protection into Strategic Value
How Kirke’s expertise powered Karuna’s successful clinical trials and acquisition.
Transforming Data Protection into Strategic Value
How Kirke’s expertise powered Karuna’s successful clinical trials and acquisition.
“We engaged Kirke in 2020 to guide us through our GDPR compliance implementation. Kirke developed a Privacy Program that was compliant with most data protection regulations around the globe and they acted as our DPO. During the acquisition process we went through with Bristol Myers Squibb (BMS), Kirke was instrumental in demonstrating that Karuna was compliant with data protection requirements. Subsequently, they played a key role in transitioning data protection policies, procedures and documentation to BMS.”
Karuna, a pioneering biopharmaceutical company focused on developing therapies for neurological and psychiatric conditions, including schizophrenia and Alzheimer’s disease psychosis, faced a critical challenge: safeguarding sensitive clinical trial data while navigating complex global data protection regulations.
After initiating clinical trials at multiple sites across the European Union, Karuna quickly recognized the critical need to comply with the General Data Protection Regulation (GDPR) to secure regulatory approval and protect patient data. Although the program initially focused on GDPR compliance, it evolved into a comprehensive framework addressing data protection and privacy regulations worldwide. Without a robust and adaptable data protection program, Karuna risked not gaining approval to conduct their trials, jeopardizing both their research and business trajectory.
However, developing a comprehensive data privacy program presented significant challenges:
Building a robust framework that adhered to stringent data protection regulations worldwide.
Creating a culture of privacy while integrating new data protocols into corporate processes.
Ensuring vendor agreements contained appropriate data protection clauses to fulfill Karuna’s data controller responsibilities.
Scaling the program to accommodate varying international regulations without introducing inefficiencies or inconsistencies.
Recognizing these challenges, Karuna partnered with Kirke for its unparalleled expertise in global data protection and privacy regulations. Acting as Karuna’s Data Protection Officer, Kirke initially designed and implemented a robust Data Protection Program to meet GDPR requirements. As the program matured, it was expanded to comply with data protection and privacy regulations worldwide, ensuring comprehensive and sustainable compliance for clinical trial operations across the globe.
Kirke conducted a comprehensive data mapping exercise to identify internal and external data repositories. This effort culminated in the
creation of a GDPR-compliant Record of Processing Activities (Article 30).
A thorough Data Protection Impact Assessment (Article 35) helped identify potential risks, guiding the design of a Data Protection Governance Structure. Kirke also developed all the required policies and Standard Operating Procedures (SOPs) to support the data protection program and ensure ongoing compliance.
Kirke meticulously evaluated third-party vendor agreements, ensuring they contained robust data protection clauses and secure data transfer mechanisms.
Kirke guided Karuna through the certification process under the EU-US Data Privacy Framework, a more efficient data transfer mechanism that allows companies to bypass standard contractual clauses. This certification streamlined the process of signing contracts with vendors and clinical sites, reducing lengthy review and negotiation periods.
To foster long-term compliance, Kirke launched an organization-
wide training initiative that embedded a privacy-centric culture within Karuna.
Kirke’s strategic approach enabled Karuna to achieve clinical trial approvals by demonstrating stringent compliance with global data protection standards. Once the clinical trials were secured and ongoing with robust data protection measures, Karuna’s market value significantly increased. This strengthened position made Karuna a prime acquisition target, leading to a seamless acquisition by a major pharmaceutical company.
Thanks to Kirke’s expertise, the implementation of a robust data protection program was a critical requirement during the acquisition due diligence process, demonstrating Karuna’s commitment to compliance and data integrity. After the acquisition was finalized, Kirke continued to support the transition of the data protection program to the pharmaceutical company, ensuring continuity and sustained compliance. This partnership underscored Kirke’s commitment to enabling business growth through compliance and strategic data governance.
Ready to transform data complexity into clarity? Tell us about your privacy, AI, or data strategy needs and we'll schedule a time to discuss how we can help.