Notification of serious or repeated non-compliance with good clinical practice in clinical trials

Updated 07 April 2021

Serious or repeated non-compliance must immediately be notified to the Danish Medicines Agency under section 5(8) of the Danish executive order on GCP. The sponsor must make sure that any such non-compliance is notified.

Serious non-compliance

Serious non-compliance is a deviation which may affect the trial subjects' safety or rights or the data credibility.

The following list includes examples of non-compliance, which the Danish Medicines Agency expects to be reported:

  • The investigator or other involved parties (e.g. the Contract Research Organisation – CRO) has not reported SAEs (serious adverse events) or SUSARs (suspected unexpected serious adverse reactions), and this lack of reporting can influence the safety profile of the product.
  • Substantiated suspicion (e.g. after completed audit) on manipulation of data (fraud).
  • Systematic deviations, such as errors in connection with the informed consent process, randomisation, blinding procedure, adverse reaction assessment, reporting, etc.
  • Systematic deviations across sites.
  • Dosage errors, e.g. based on misinterpretation of laboratory data, miscalculations, etc.
  • The sponsor stops the trial, e.g. while potential safety issues are investigated.
  • The sponsor decides to close down a site out of consideration for trial subject safety or data quality.

Repeated non-compliance

Repeated non-compliance is deviations occurring despite corrective and preventive action, and which are collectively believed to potentially influence trial subject safety or rights or the data credibility.

Notification to sponsors and investigators affected by cyber attacks affecting clinical trial data

In connection with several recent cases of cyber attacks on systems holding data from clinical trials, the Danish Medicines Agency calls attention to the following:

We expect affected sponsors to assess, on the basis of the information received (e.g. from the contract organisation) and own follow-up investigations, whether the security flaw falls under the sponsor’s statutory responsibility to report serious non-compliance as stipulated in section 5(1)(viii) of the executive order on GCP and in the affirmative to promptly report the breach. The report must be updated regularly if new significant information is received.

If the attack concerns the systems that the investigator is responsible for (e.g. patient records, electronic Trial Master File, etc.), we expect the investigator to promptly inform relevant sponsors to ensure the concerned sponsors can fulfil the above-mentioned obligation of reporting serious non-compliance. 

The fulfilment of the obligation may be the subject of future inspection.