Brainomix is a medical technology spin-out from the University of Oxford, founded in 2010. Its mission is to empower clinicians to make better treatment decisions through the use of novel AI-powered imaging biomarkers and software solutions.  

Brainomix logo

One in two UK hospitals use Brainomix in their work with stroke patients. The AI technology helps clinicians interpret brain scans to identify patients who need urgent treatments or transfer to a specialist hospital. It also facilitates the secure sharing of brain scan images across hospitals, helping to reduce door-in/door-out times and contributing to a threefold improvement in patient outcomes. 

Playing a prominent role within a strategic network of NHS hospitals, clinical leaders, industry experts, world-leading researchers and charities, Brainomix is dedicated to driving innovation in the UK’s AI sector. 

In brief

  • Developing cutting-edge technology in a highly-regulated industry, Brainomix recognised the need for the highest levels of data protection to aid its continued strong growth. 
  • NormCyber’s data protection service (DPaaS) came highly recommended and endorsed by Brainomix’s CFO, who had previously adopted the service at two of her past companies with great results. 
  • With NormCyber on board, Brainomix has the utmost confidence in its data protection policies and processes, and the operational efficiencies gained help its fast-growing team increase productivity and competitiveness. 

The challenge

Oxford-based Brainomix has gone from strength to strength over recent years. Following a funding round in 2021, it doubled its headcount in 2022 and established itself as the de-facto European leader in AI-powered brain imaging technology, with a presence in 30 countries. These operations require Brainomix to securely collect, store and share patient data between clinicians and hospitals, while complying with varying and complex data protection regulations. Compliance is business-critical for Brainomix, since the healthcare organisations it partners with have a heightened responsibility to safeguard patient and employee data.  

Now, as the company was preparing for large-scale expansion, its data protection duties – and the pressure on its in-house regulatory team to handle these tasks – have grown manifold.  

Brainomix was not only expanding its geographic footprint by launching operations in the US, it was also beginning to broaden its scientific remit to develop AI solutions for lung disease treatment. This involves leveraging data for new services and R&D purposes governed by strict and fast-evolving regulations such as HIPAA and GDPR in the EU and UK. It also requires Brainomix to create new frameworks – for example, where US employees would access UK data, the right inter-company agreements need to be in place. The new data protection regime would also need to be conscious of various US state-based differences that influence how specific hospitals can partner with technology providers.  

To navigate the challenge of increasing data volumes, geographically varying regulatory complexities and huge risk for reputational damage, the company’s CFO, Melissa Strange decided to enlist NormCyber’s data protection services. 

“Data is at the heart of everything we do at Brainomix,” Melissa explains. “So, when our growth necessitated a more robust data protection strategy, we decided to do it the right way, with experts on our side. This would allow us to establish a gold standard in how we handle data, demonstrate compliance to our customers and peers, and future-proof our operations.” 

The solution

Selecting NormCyber was a no-brainer for Brainomix and Melissa, who had previously worked with the DPaaS team led by Robert Wassall, NormCyber’s Director of Legal Services.  

Melissa says: “I first came across norm. in 2018. My organisation at the time needed support around GDPR legislation, and we were impressed with the simplicity with which Robert and his team cut through the noise. His pragmatic approach and background in law was a great reassurance and norm. quickly became a massive asset for the organisation. When I changed roles, I knew I just had to have the team by my side again. In fact, Brainomix is the third company where I introduced norm. and it continues to prove its worth.” 

NormCyber’s DPaaS offering brings together the legal, regulatory, and cyber security expertise that modern businesses need to overcome today’s data protection challenges. The service gives Brainomix:  

  • a clear understanding on where and how well the company meets regulatory requirements and ICO expectations 
  • recommendations for actions to take to improve compliance 
  • ongoing guidance to help make any improvements.  

This is supported by access to a library of templated documentation, monthly and annual progress reports and staff data protection training.  

The benefits 

With NormCyber acting as its strategic partner, Brainomix can be confident in its data protection compliance even as it continues to scale, all without regulatory concerns curtailing its advancements. Decision-makers can rest assured that all data is obtained, used and protected in accordance with the law, and – through regular communication and bite-sized advice bulletins from norm. – stay up to date on data protection best practices and constantly evolving regulations. 

norm. has given us clarity in where we are with our data protection and information security health, and where we need to be as we reach new levels of growth,” says Melissa. “Robert and his team are extremely knowledgeable and happy to work around our needs in a mindful and pragmatic manner, which makes them feel truly part of our team.” 

Looking at the future, Brainomix is focused on further building on its data protection foundations by establishing a cross-departmental group of data protection champions. As Melissa explains, “Data protection is far from being a box-ticking exercise for us – we see it as a real business-enabler, which is why we believe it must be everyone’s responsibility within the organisation. At the same time, it should not be a burden. norm. understands this, and we are positive that with the team’s support, we will unlock more productivity and competitive potential through our data. We can’t wait to see what the future holds!”