Skandor Advisory provides senior-led regulatory judgment to executives navigating the convergence of GDPR, the EU AI Act, and pharmaceutical governance obligations. Independent. Discreet. Proportionate.
The firms that build your systems have a vested interest in telling you they are compliant. Your auditors cannot advise you. Your legal counsel provides opinions, not operational judgment. Your internal team cannot provide the board with independent assurance on their own work.
Skandor exists in the space none of those parties can occupy — independent, senior-led advisory built from over a decade of operational experience inside global pharmaceutical organisations.
How Skandor Advisory Works
Skandor Advisory was founded by a senior privacy and AI governance leader with over a decade of operational experience inside global pharmaceutical organisations including Roche and Alnylam Pharmaceuticals, where they served as interim Global Data Protection Officer and as a member of the AI Governance Council.
That experience — running DPIAs across R&D, Digital, and Commercial functions; embedding privacy into AI deployment processes; managing regulators and internal boards — is the foundation of every Skandor engagement. The judgment here was not formed in a consulting practice. It was formed in the room where decisions were made.
The transition to independent advisory is deliberate. Executives and boards navigating privacy and AI governance in pharma need advisors who have lived the complexity they now face — not theorists who have studied it from the outside. Skandor provides that perspective without the conflicts of audit mandates, technology sales, or implementation engagements.
Engagements are principal-led from first conversation to final deliverable. No junior teams, no methodology exercises, no branding exercises. Only considered, proportionate judgment brought to bear on the specific regulatory question in front of you.
Fellow of Information Privacy (FIP) · IAPP
Certified Information Privacy Manager (CIPM) · IAPP
Certified Information Privacy Professional / Europe (CIPP/E) · IAPP
AI Governance Professional · IAPP
OneTrust Certified Privacy Professional · OneTrust
PRINCE2 Project Management · AXELOS
Sector Experience
Global pharmaceutical R&D · Digital health · Clinical data governance · GDPR Article 9 special category data · Cross-border data transfers · AI in drug development and commercialisation
Advisory Engagements
Each engagement is designed for a specific point of regulatory pressure. All are principal-led, fixed in scope, and calibrated to what your regulator — and your situation — actually requires. Every engagement begins with a direct conversation about the specific question in front of you.
01
€25,000 – €45,000 · 3–4 weeks
An independent assessment of whether your AI governance framework is defensible under EU AI Act scrutiny — and whether your board has adequate visibility of AI risk. Designed for pharmaceutical and life sciences organisations deploying AI in clinical, commercial, or operational pathways.
02
€150,000 – €500,000 · 3–9 months
Senior advisory embedded into transformation programmes — digital platform deployments, AI tool integrations, cloud migrations, EHDS data sharing arrangements — ensuring GDPR obligations, AI Act conformity, and clinical governance are managed as integrated risk, not addressed after the fact.
03
€100,000 – €250,000 · Annual retainer
Sustained senior advisory for boards, audit committees, and C-suite executives on privacy and AI governance accountability. Provides the independent perspective internal teams cannot offer on their own work — and the preparedness that regulators increasingly expect to see evidenced at the top.
Regulatory Environment
Pharmaceutical and life sciences organisations in Europe are operating at the intersection of multiple simultaneous regulatory frameworks — each demanding senior attention, none of which can be addressed in isolation.
The EU AI Act classifies most clinical and patient-facing AI applications as high-risk, with mandatory conformity obligations and board-level accountability provisions now in force or becoming enforceable. GDPR's Article 9 protections for health data have never been more actively scrutinised. The European Health Data Space is creating new obligations around secondary data use that most organisations have not yet fully assessed. And EMA's emerging guidance on AI in drug development is beginning to shape what regulators will expect to see evidenced internally.
The organisations best positioned in this environment are those with the clearest senior judgment about which risks are material, which obligations are defensible, and which regulatory positions will withstand scrutiny. That judgment is what Skandor provides.
Regulatory Frameworks
| Framework | Obligations and status |
| --- | --- |
| EU AI Act | High-risk classification for clinical AI, conformity assessment obligations, board-level accountability provisions. Enforcement ramping through 2025–2026. |
| GDPR Art. 9 | Special category health data obligations across R&D, commercial, and digital health functions. Enforcement intensifying across EU member states. |
| EHDS | European Health Data Space regulation creating new secondary use obligations. Implementation timelines now active across member states. |
| EMA Guidance | Emerging EMA expectations on AI in clinical trials, pharmacovigilance, and drug development — increasingly shaping supervisory expectations. |
| National Laws | Material variation in health data law across EU member states requires jurisdiction-specific analysis for cross-border operations. |
Who We Work With
Not organisations in the abstract. The personal accountability that the EU AI Act and GDPR place on senior individuals is real. Every Skandor engagement is with a named executive or board member, and every recommendation is calibrated to their specific position and exposure.
Chief Privacy Officers & DPOs
Global pharma · Life sciences · Digital health
Chief Compliance Officers
Regulated EU pharmaceutical operations
Chief Digital & Data Officers
AI deployment · Data platform transformation
Board Members & NEDs
Audit committee · Risk & governance oversight
General Counsel
Needing operational judgment alongside legal opinion
Founders & CEOs
Regulated digital health and life sciences scale-ups
Why Skandor
Skandor was designed to occupy the space that auditors, law firms, and consulting practices cannot: genuinely independent, operationally experienced, and senior-led from first contact to final deliverable.
No audit relationships. No technology sales. No implementation mandates. Skandor's only product is judgment — which means the advice you receive has no financial interest attached to any particular outcome. That structural independence is the condition for honest regulatory counsel.
A decade inside global pharmaceutical organisations — running the programmes, executing the DPIAs, managing regulators, and sitting on the AI Governance Council — means Skandor's advice is grounded in operational reality. Proportionate, practical, and defensible because it reflects how these questions actually arise in practice.
Not every regulatory question requires a remediation programme. Skandor helps executives find the defensible position — and distinguish between risks that require action and risks that require documentation. That calibration is as valuable as any technical analysis.
Skandor operates quietly alongside leadership. Engagements do not begin with stakeholder mapping or internal announcements. The questions that reach Skandor are, by nature, sensitive — and are treated accordingly. Client relationships are never disclosed.
If you have a privacy or AI governance question that requires experienced senior judgment — and that your internal teams, auditors, or legal counsel are not positioned to answer independently — we would welcome hearing from you.
contact@skandoradvisory.com
All enquiries treated in confidence · Principal-led from first contact
Initial conversation
A direct, confidential discussion of your regulatory question — no engagement required, no fee for the initial call.
Scoped proposal
A precise written scope, timeline, and fee — proportionate to the question, not padded to the budget.
Principal-led delivery
Every engagement is led by the Skandor principal. No handoffs to junior teams, no methodology exercises.
A defensible position
The deliverable is always the same: clarity on where you stand, and a position you can articulate to your board and your regulator with confidence.