PAREXEL, a multinational life sciences consulting firm, conducts clinical trials on behalf of its pharmaceutical clients to expedite the drug approval process. Founded in 1982 and headquartered in Boston, PAREXEL operates in 95 countries and has provided clinical and technology services for more than 12,800 projects in over 20 therapeutic areas.

As part of its work, PAREXEL processes both personalized and pseudonymized client data. For example, clinical trials have personalized data which is clearly identifiable, and this data is then pseudonymized and sent on to the next phase of a clinical trial. Alongside client data, PAREXEL processes personal employee data, including that of 17,500 members of staff across 84 offices globally.

Challenges and Goals:

The General Data Protection Regulation (GDPR), which comes into effect from 25th May 2018, brings numerous challenges to organisations that handle the data of EU citizens. In an increasingly digital world, ensuring that data is stored, processed and destroyed correctly can be problematic – particularly for an international company.

PAREXEL, like all organisations that handle the data of EU customers, needed to become GDPR compliant ahead of the May deadline. PAREXEL required a procedure for dealing with requests from existing or potential employees, including right of access, right of correction, right of erasure, and right of data portability, among others.

PAREXEL also needed a system for managing and issuing requests, and ensuring that the HR and payroll team could validate the identity of the requestor. Alongside this, the PAREXEL team wanted to assign owners to each category of data, to make it easier to manage data requests.


SD Worx, a global HR and payroll service provider, worked with PAREXEL to implement a GDPR compliance strategy.

In addition to PAREXEL’s long-term goal of ensuring GDPR compliance for client and employee data in every country, there were also fundamental challenges that needed to be addressed, particularly in the way its HR system handled employee and customer data. These included:

  1. Software register: When it came to dealing with the data rights of employees, PAREXEL required a detailed software register for all employee and customer data. The team reviewed its current data and split it into categories, assigning a data owner for each category. Category examples include payroll and employee benefits data, employee performance data, and the recruitment data of candidates.
    Once the categories were in place and the data was organised, the PAREXEL team could set up frequent reviews (whether weekly, monthly, or annual reviews) to ensure that the data is destroyed when necessary, avoiding potential sanctions.
  2. Intranet page: Alongside the detailed software register, PAREXEL’s HR and payroll department worked closely with its IT team to develop a GDPR intranet page. The page acts as an educational and informative resource for employees, helping them to understand exactly how their data rights are changing, and the new company policies that are to be implemented in response.
    A system was also introduced to ensure that every HR professional in PAREXEL completes GDPR online training via the PAREXEL learning management system. PAREXEL also set up Standard Operating Procedures (SOPs) that define the process for handling data requests of employees.
  3. Data retention strategy: Based on the data register that the organisation develops, PAREXEL’s HR and payroll departments listed the exact reasons for keeping the data. These include but are not limited to: legal minimum retention periods; liability as an employer; and services you deliver to employees based on the data.
  4. Integrating security: Although GDPR does not enforce specific, normative security measures, it does introduce more risk management principles into the privacy world. Due to this, PAREXEL assessed its risks and developed an integrated security plan.
    The PAREXEL HR and payroll team collaborated with its IT team to protect confidential information, including employee and patient/customer data, throughout all communications. For example, PAREXEL designed and implemented an online pop-up for external emails, warning members of staff that they might be sending confidential patient data to a third party.




By working with SD Worx, PAREXEL has developed a data software register, data retention strategy, and intranet page, to ensure GDPR compliance ahead of the May deadline. With PAREXEL’s completed data register, its HR and payroll department can now understand where their data came from, why they need it, and when it should be deleted.

How we helped PAREXEL protect loads of employee data in compliance with the new privacy regulations

As a result of the new European privacy regulations – also known as GDPR – EU companies need to handle personal data differently. This also goes for data related to employees and jobseekers, such as information about payroll and employee benefits, contracts and résumés. Our collaboration with PAREXEL showcases how we help our customers in this respect. In addition to information about clients and clinical trials, the Clinical Research Organisation also handles the data of over 17,500 employees in 84 countries. Ensuring GDPR compliance before 25 May 2018 was a challenging task.

Where IT meets HR

SD Worx assisted in laying the foundation for an HR and Payroll system that can handle and register employee data in compliance with the new privacy regulations in every country where PAREXEL is present. In preparation for GDPR, PAREXEL refined its existing software register, which enables the company to safely accommodate all types of data, while SD Worx helped establish a clear strategy to determine what kind of data needs to be registered where and for how long.

Everyone on board

“We realised we needed to involve our Senior Managers and Employees in the GDPR compliance project as closely as possible”, comments Frank Rudolf, Director of Payroll at PAREXEL. “To do so, we used our existing dedicated intranet platform where our people can learn more about the importance of the new privacy regulations. On that platform, they also discover how we, as an international Company, make sure their data rights are respected from A to Z.”

SD Worx aims to give guidance and provide news on this historic legislation, which will impact businesses across the globe, from an HR and Payroll standpoint. For more information, please visit our GDPR Page or email WeAreGlobal@sdworx.com.

