Data Privacy & Protection

Our data privacy framework is built on strong governance

Protecting participant data is fundamental to ethical, transparent, and compliant clinical research.
At Xcene Research, we uphold the highest standards of data privacy, information security, and regulatory compliance across all the countries in which we operate. Our approach integrates global data-protection frameworks such as GDPR, ISO 27001, and ICH-GCP, with local regulatory mandates, including Nigeria’s Data Protection Regulation (NDPR), Kenya’s Data Protection Act (2019), Ghana’s Data Protection Act (Act 843), South Africa’s POPIA, and Zambia’s ICT regulations.

We view data protection not merely as compliance, but as a reflection of our ethical duty to protect every participant’s dignity, rights, and trust.

How Xcene Research delivers

Our data privacy framework is built on strong governance, secure infrastructure, and continuous accountability, ensuring full compliance with local and international regulations while maintaining operational efficiency.

  1. Governance & Oversight:
    Xcene Research operates under a formal Data Protection and Information Security Governance Framework led by a registered Data Protection Officer (DPO). The DPO oversees data-protection registration, regulatory engagement, and internal audits, working closely with authorities such as NITDA (Nigeria), NAFDAC, and regional data-protection commissions. Through Data Protection Impact Assessments (DPIAs) and continuous monitoring, we ensure that all data processing activities are lawful, ethical, and well-documented.
  2. Regulatory Compliance:
    We comply with national and regional data-protection laws in every country of operation, as well as international standards including GDPR and ISO 27001. Our procedures are designed to align with NDPR Implementation Guidelines, ensuring that data processing, storage, and transfer are governed by lawful bases, with breach notifications and risk assessments submitted within mandated timelines. Where cross-border data transfer occurs, Standard Contractual Clauses (SCCs) and Data Transfer Agreements (DTAs) are applied to ensure transparency and legality.
  3. Information Security & Systems Controls:
    Our digital infrastructure is secured through validated systems such as Electronic Data Capture (EDC), Clinical Trial Management System (CTMS), and electronic Trial Master File (eTMF) all fully 21 CFR Part 11 compliant. We apply AES-256 encryption, multi-factor authentication, and role-based access controls to ensure data confidentiality and integrity. Periodic vulnerability scans and penetration testing by certified cybersecurity partners further strengthen our information-security posture.
  4. Training & Awareness:
    All employees, investigators, and third-party vendors undergo mandatory data-protection and cybersecurity training during onboarding and annually thereafter.
    Training modules cover NDPR and GDPR principles, incident-response procedures, and sponsor-specific data-handling requirements. By cultivating a compliance-first culture, Xcene Research ensures that every stakeholder is equipped to handle sensitive information responsibly.
  5. Participant Rights & Informed Consent:
    Participants are fully informed, through ethics-approved consent documents, about how their data will be collected, stored, used, and shared.
    We ensure clear communication in culturally relevant language, guaranteeing that participants understand their rights including the right to access, rectify, restrict, or withdraw consent in accordance with NDPR, GDPR, and POPIA.
  6. Auditing, Documentation & Continuous Improvement:
    Our Quality Assurance (QA) and DPO teams conduct regular internal audits and privacy assessments to verify compliance. Findings are tracked through Corrective and Preventive Action (CAPA) systems, ensuring continuous improvement and readiness for sponsor, regulatory, and ethics inspections.

Our Commitment

At Xcene Research, we believe that data protection is synonymous with participant protection.
Through governance excellence, regulatory alignment, and secure technologies, we ensure that every dataset entrusted to us is handled with precision, confidentiality, and accountability.

By combining local regulatory fluency with global data-management standards, we provide sponsors with full confidence that their studies are compliant, ethical, and audit-ready across Africa.

“At Xcene Research, data protection is more than policy. It is our promise of trust, transparency, and respect for every participant and sponsor we serve.”