How does Veeva Network help life sciences companies to comply with GDPR?

The General Data Protection Regulation’s (GDPR) main objective is to strengthen the protection of “personal data” by expanding and adding new rights for EU individuals. For life sciences companies, it is crucial to set up the right processes and have the right master data management (MDM) solution to be able to quickly respond to individual requests and comply with the new regulations.

How can Veeva Network help with GDPR compliance? What capabilities are required to comply?
In a previous blog, we explained how having accurate and clean customer master data is an essential starting point to be GDPR-compliant and gave a few examples on the impact of a lack of master data governance on key GDPR requirements.

Let’s now consider a few examples of how Veeva Network can help life science companies to comply with GDPR:

Data Integration
Veeva Network has extensive functionalities to integrate master data from various up and downstream systems within a single global repository. By integrating master data from applications like CRM and ERP, along with other external sources of data, Veeva Network creates an authoritative version of the truth for the customer master data to be used across your application landscape. The process to create the authoritative version of the customer includes matching to existing records, merging duplicate records, and assigning a globally unique master data identifier to each record. As a part of this process, Veeva Network keeps track of identifiers provided by each data source and provides a view of the data lineage so that you can see how a source contributed to the current version of the record.
How does that help with GDPR compliance? Well, eliminating duplicate records and being able to identify the right HCP records across all business applications is essential to respond timely and correctly to requests for “right to erasure” or “right to access”.

Removal and De-identification of Personal Data
When it comes to removing or anonymizing personal data, Veeva Network has dedicated functionality to do this in a safe, controlled, and compliant way. This type of functionality is especially important because customer master data processed in Veeva Network does not exist in isolation but is integrated with other applications.
Just deleting the data from one place is not good enough. Removal or de-identification of personal data can be required if an HCP exercises their ”right to erasure” or if HCPs are not targeted anymore by the life science company (“storage period limitation”).

Data Governance and Stewardship
Veeva Network provides data governance workflows, which means that when data stewards verify changes requested by a sales rep in the field, each modification is tracked in a revision history. In addition to reacting to data change requests, data stewards can also proactively monitor and manage data accuracy via pre-configured data quality reports. This allows life science companies to make sure customer master data with high quality, accuracy, and currency is used across their business applications. Veeva Network is also natively integrated with Veeva CRM and OpenData. Any change requests get processed in less than a day so that the field force is using compliant and accurate data. The ability to respond quickly, completely, and correctly to “right-to-erasure” requests is crucial to meet the timelines dictated by GDPR. This will only be possible if your MDM, data, and CRM solutions work hand in hand.