MHRA´s Data Protection Policy

GMP meets Development

Recommendation

18-20 November 2025
Heidelberg, Germany

GMP meets Development
GMP and FDA Compliance in Pharmaceutical Development and IMP Manufacturing

Register now for ECA's GMP Newsletter

Register now for ECA's GMP Newsletter

Register for the ECA GMP Newsletter

The UK Medicines and Healthcare products Regulatory Agency (MHRA) has detailed its data privacy policy. The authority released the document on the day the EU General Data Protection Regulation (GDPR) came into force: May 25, 2018.
 
The document sets out from whom MHRA collects data, what types of data it processes, how it uses the data and which groups it may share the information with. In providing a full account of how data flows through its organization, MHRA has revealed the extent to which it relies on the processing of personal information to perform its regulatory functions.
 
The MHRA lists 15 groups from which it collects personal data:

  • members of the public
  • employees and formers employees
  • customers and clients
  • advisers, consultants and other professional experts
  • suppliers and service providers
  • complainants and enquirers
  • holders of public office
  • applicants to committees
  • members of advisory groups and committees
  • legal representatives
  • academics and researchers
  • health and care professionals
  • manufacturers and wholesalers of medicines and devices
  • pharmaceutical and scientific organizations
  • applicants for permits, licenses, certificate and permit holders

The MHRA collects (and stores) personal data when using the Agency’s website or contacting MHRA through other channels to perform its regulatory functions, process requests and promote its services. The collected data include, for example, bank details, educational/professional qualifications and IP address and location. MHRA also processes more sensitive types of personal information like political opinions and genetic data or biometric data. 
 
The agency may share the data with more than 25 groups, including credit reference agencies, debt collectors, trading standards and the European Medicines Agency (EMA). MHRA states it shares data “where necessary, required and within the law.” The agency’s document refers repeatedly to how its policy fits with data protection rules.

More information can be found in the Transparency Data - MHRA Privacy Notice.

Conference Recommendations

GMP meets Development

Heidelberg, Germany
18-20 November 2025

GMP meets DevelopmentGMP and FDA Compliance in Pharmaceutical Development and IMP Manufacturing

Related GMP News

07.05.2025FDA is extending its Quality Management Maturity Programme

30.04.2025FDA Warning Letter on missing Audit Trails and Raw Data Review

23.04.2025New WHO Guideline Package: TRS 1060 published

16.04.2025EMA: QPs must provide a written final Assessment and Approval of Third-Party Audit Reports

15.04.2025Strategic Report published by the Critical Medicines Alliance

09.04.2025EMA's Plans for the next three Years

Go back

NEWSLETTER

Stay informed with the GMP Newsletters from ECA

GMP Newsletter

The ECA offers various free of charge GMP newsletters for which you can subscribe to according to your needs.

To subscribe, please click here.