Case Study
Karuna
Transforming Data Protection into Strategic Value
How Kirke’s expertise powered Karuna’s successful clinical trials and acquisition.
Transforming Data Protection into Strategic Value
How Kirke’s expertise powered Karuna’s successful clinical trials and acquisition.
“We engaged Kirke in 2020 to guide us through our GDPR compliance implementation. Kirke developed a Privacy Program that was compliant with most data protection regulations around the globe and they acted as our DPO. During the acquisition process we went through with Bristol Myers Squibb (BMS), Kirke was instrumental in demonstrating that Karuna was compliant with data protection requirements. Subsequently, they played a key role in transitioning data protection policies, procedures and documentation to BMS.”
Karuna is a clinical-stage biopharmaceutical company managing highly sensitive clinical trial data across global studies. As the organization scaled, the complexity of handling personal and clinical data across jurisdictions increased significantly. To support growth and acquisition readiness, Karuna needed to strengthen its data protection and data governance practices to ensure compliance with GDPR and other global regulations while maintaining operational efficiency across clinical trials.
Karuna operates in a highly regulated environment, managing sensitive clinical and personal data across multiple systems, vendors, and global trial sites. As the organization grew, so did the complexity of its data protection obligations and governance requirements.
At the same time, increasing expectations around compliance, transparency, and mergers & acquisitions (M&A) due diligence, particularly in the context of potential acquisition, put additional pressure on leadership to demonstrate control, accountability, and trust in their data practices.
Karuna needed to align its practices with GDPR requirements while ensuring consistent data protection across jurisdictions.
A growing network of vendors created risk exposure, with limited oversight into how third parties handled sensitive clinical trial data.
Manual processes and fragmented systems made it difficult to maintain consistency, slowing down operations and increasing compliance risk.
Kirke partnered with Karuna to design and implement a scalable privacy program implementation aligned with global regulatory requirements and business objectives.
The approach focused on building a practical, right-sized data protection program that integrated governance, compliance, and operational workflows, ensuring that privacy was not just documented, but embedded into day-to-day operations.
Established a structured privacy program aligned with GDPR and global data protection requirements.
Created visibility into how clinical trial data was collected, used, and shared.
Strengthened oversight and risk management across vendors handling sensitive data.
Prepared the organization for increased regulatory scrutiny and acquisition readiness.
Karuna successfully strengthened its data privacy and governance capabilities, positioning the organization for compliant growth and increased operational confidence.
Key outcomes:
Ready to transform data complexity into clarity? Tell us about your privacy, AI, or data strategy needs and we'll schedule a time to discuss how we can help.