Multichannel Veeva CRM and GDPR

Multichannel Veeva CRM help you manage personal data in a compliant way. This section covers how the following Veeva CRM solutions can help you with GDPR compliance: Veeva CRM, Veeva Medical CRM, Veeva CLM, Veeva CRM Approved Email, Veeva CRM MyInsights, Veeva CRM Engage, and Veeva CRM Suggestions.

Right to Be Forgotten

Veeva CRM offers all the features of the Salesforce Platform that enable you to delete customer data to comply with data protection and privacy regulations.
Learn more »

Data Portability

Veeva CRM offers you multiple ways to extract personal data. Data can be extracted via UI-driven or API-driven methods, including reports and report/dashboard APIs, data loader, Apex, SOAP and REST APIs, and third-party ETL tools. Export formats include CSV, JSON, and XML.
Learn more »

Alternatively, you can build a Veeva CRM MyInsights visualization summarizing personal data stored in Veeva CRM. This summary can be printed and exported to be shared with your customers.
Learn more »

Restriction of Processing

Records in Veeva CRM can be identified, exported, and deleted upon receiving a verified request to restrict processing. If the restriction is lifted at a later date, the records can be re-imported.
Learn more »

Data Capture Receipts

Automatically inform your customers about captured personal information via automatic transaction receipt sent by email:

  • Consent – Confirmation of captured consent automatically sent to individual by email after consent is captured.
  • Sample – Confirmation of sample transaction automatically sent to sample signee by email.
  • Medical Inquiry – Confirmation of medical inquiry transaction automatically sent to requester by email.
Learn more »

Signature Capture

Multiple processes within Veeva CRM have integrated signature capture. This provides support to collect personal data processing permissions from individuals during the data capture. Signatures are stored as proof of individual’s consent for personal data processing.

Supported processes:

  • Call Acknowledgement Signature Capture – Signature capture of the individual to acknowledge the fact of Call (discussion with representative) and products that were detailed.
    Learn more »
  • Sample Signature Capture – Signature capture of the individual to acknowledge sample, sample send/BRC and controlled substance disbursement.
    Learn more »
  • Order Signature Capture – Capture signature of the individual to confirm the Order.
    Learn more »
  • Medical Inquiry Signature Capture – Capture signature of the individual to confirm the medical inquiry.
    Learn more »
  • Contract Signature Capture – Capture signature of the individual to confirm the contract conditions.
    Learn more »
  • Medical Event Attendee Sign-in – Capture signatures of attendees of medical events to identify attendance.
    Learn more »


Veeva CRM provides proper consent management, including:

  • Consent Capture – Capture consent during a face-to-face interaction. There are multiple configuration options: communication consent (Veeva CRM native channels such as Veeva CRM Approved Email and Veeva CLM; or custom channels such as SMS, mail, portal, marketing programs, etc.), data privacy / storage consent, double opt-in, etc.
  • Consent Receipts – Confirmation of captured consent automatically sent to the individual by email after consent is captured.
  • Veeva CRM Approved Email Consent – Consent capture embedded into Approved Email functionalities: preventing sending emails for not-consented or opted-out recipients, consent capture from Approved Email sending dialog, unsubscribe links in the emails.
  • CLM Consent – Control tracking of CLM activities against individuals. Flexible configuration options: tracking activity, not tracking any activity, anonymous tracking.
  • Sample Consent – Sample Consent embedded into Sampling functionality: capture of consent to receive samples during a period of time, automatic control of sample disbursement to only consented individuals.
Learn more »

Data Security

Veeva has an Information Security Management System (ISMS) and maintains current ISO 27001 and 27018 certifications.

Veeva is continually reviewing its security measures for enhancements, including as part of its GDPR Compliance Program.

Breach Notifications

Veeva has a data breach management policy and a security team in place to identify violations and to ensure correct and timely action. If Veeva becomes aware of a data breach, it will contact the customer(s) affected within 72 hours.

Privacy by Design

Veeva has established privacy by design and privacy by default policies and controls for all products.