German Podcast Episode #219: Rahuls Schlüsselerfolge als Senior IT Counsel seit 2010

Neha: Welcome back to our mini-series on IT
legal risks! Today we're delving into Rahul's work at his former
employer – a clinical trial platform provider. Rahul, we both
know projects like DeepMind's NHS cooperation in 2017 showed how
quickly data protection violations can escalate in AI health
projects. How did you specifically address these
risks?  


Rahul: Good point, Neha. This exact case was an
important precedent for us. For every AI implementation, we
ensured patients were comprehensively informed about data
processing through AI – not just generally, but specifically
about algorithm use. This went far beyond standard
consents.  


Neha: Interesting! But data protection is only
one aspect. With IBM Watson for Oncology, we saw how fragile
trust in AI recommendations can be. How did you secure liability
risks when AI systems overlook safety incidents?  


Rahul: Excellent question. We triple-secured
this: First through specific liability clauses with AI
developers, second through special cyber insurance for AI errors,
and third – crucially – indemnity regulations in trial contracts.
This made sponsors liable if our platform operated correctly per
protocol.  


Neha: That reminds me of the Theranos scandal
where regulatory compliance was grossly neglected. How did you
reconcile medical device regulations like EU MDR
2017/745?  


Rahul: Good analogy! We early on classified it
as a medical device – similar to Viz.ai with their FDA-approved
stroke detection AI. For diagnostic AI functions, CE marking
according to Class IIa was mandatory. Without this clarity,
authorities like EMA or FDA could have stopped our
trials.  


Neha: Fascinating! A listener recently asked
about international data flows – keyword Schrems II. How could
you guarantee GDPR-compliant data transfers?  


Rahul: Through multi-layered safeguards:
Standard contractual clauses, additional technical protective
measures, and ethics approval before any data transfer.
Particularly important was prior consultation with supervisory
authorities under GDPR Article 36 for high-risk
projects.  


Rahul: Finally, I want to emphasize: The key lay
in proactive communication with all stakeholders – from ethics
committees to PEI. Only through this comprehensive compliance
architecture could we combine innovation with legal
security.  


Neha: Thank you for these deep insights! Next
week we'll analyze contract design in cloud infrastructure
projects. Until then!





Read German Text here:
https://docs.google.com/document/d/1oEspwKpwMcjlN5BkId5-KTNIs7pywqDbp8g1lYnU2fg/edit?usp=sharing