Content :

Protection of Personal Data

Background and policy

Personal data include information that makes it possible to identify an individual. Due to the widespread use of information technology today, protecting these data is a CSR issue.
Given the rise in the international transfer of personal data, it has become essential to take efforts to help protect these data in order to help guarantee fundamental liberties, especially the right to privacy, which is an integral part of Human Rights.

Respecting the regulatory framework

In the countries where Sanofi operates, the Group respects local legislation and regulation governing the processing of personal data. Where no laws exist, the Group provides a strong level of protection as set out in the Sanofi Personal Data Protection Charter. Such legislation is designed to protect the right to privacy.

For more information:

• World map of countries that have adopted personal data protection laws:
  • www.privacyinternational.org / Global data protection map
• European Directive of 24 October 1995:
  • eur-lex.europa.eu / Directive 2001/83/EC of the European Parliament and of the Council
• French national data protection authority (CNIL), which is in charge of ensuring respect for the French law on Data Processing, Data Files and Individual Liberties:
  • www.cnil.fr / english

What is at stake

Recent serious privacy incidents, such as illegal access to personal data through the Internet (data breaches), have increased public awareness and concern regarding how companies are handling personal information. As a consequence, more and more companies are finding they need to reinforce their privacy programs and security processes. Indeed, clear and well-defined processes are key organizational elements helping to design a privacy program. Strong privacy practices contribute to a company’s reputation and brand recognition.

All Sanofi employees, and all third parties with whom Sanofi has dealings (patients enrolled in clinical trials, healthcare professionals, contractors, scientists, etc.), are entitled to their privacy. Sanofi is committed to taking appropriate measures designed to help protect their personal data. In addition, the Sanofi Code of Ethics states that, personal data protection gives individuals whose data are held the right to control the collection, processing, use, disclosure and storage of their data. Sanofi makes every effort to ensure that all people whose data are collected are informed of this fact.

Concerning data for patients involved in clinical and pharmacovigilance trials

These data consist of information about individuals who receive our treatments (during clinical trials, genetic studies, epidemiological and pharmacovigilance studies, etc.).

Patients’ personal data include information that is necessary to conduct the studies (for example: age, gender, medical history, phenotype (set of observable characteristics such as anatomy, morphology), genotype (gene composition), etc. For processing, a distinction is made between two types of information: data used for clinical development research and data used for other types of research (fundamental research, for example).

At Sanofi, informed consent is required each time a patient participates in a clinical trial. Informed consent ensures both respect for the free participation in the study and for patients’ right to privacy and data protection consistent with the requirements of applicable law. No consent is required for adverse event cases reporting (pharmacovigilance), but the person who reports the case, most often the healthcare professional, informs the patient of the transfer of non-identifiable health data relating to him or her; this transfer is restricted to pharmacovigilance purposes and to the market authorization holder and health authorities in charge of pharmacovigilance.