Veeva OpenData and GDPR

Veeva OpenData offers rigorously verified and continuously updated local customer reference data, delivered with a standard, worldwide approach to data structure and quality. Designed with a global view, Veeva OpenData provides a single global identifier to accurately track and report aggregate spend and enable GDPR compliance with an approved and consistent data validation process. Veeva plays a Data Controller role for our Veeva OpenData and Veeva Link data products.

Individuals’ Rights

Veeva has a clear policy and process to notify HCPs on data collection information and respond to requests from individuals to exercise their existing rights, such as their right to access their personal data or object to the processing of their personal data.

Veeva has processes to respond to requests from individuals to exercise their rights under GDPR, including rights of restriction, erasure, and data portability.

Data Accuracy

Veeva OpenData has ongoing maintenance processes and quality measurement to ensure accurate data is collected.

Data Minimization

Veeva only collects individuals’ data for the purpose of operating our business and does not collect or store any data not intended by the purpose of collection.

Data Security

Veeva has appropriate technical and organizational security measures in place to protect personal data.

Veeva has an Information Security Management System (ISMS) and maintains current ISO 27001 and 27018 certifications.

Veeva is continually reviewing its security measures for enhancements, including as part of its GDPR Compliance Program.

Breach Notification

Veeva has a data breach management policy and a security team in place to identify violations and to ensure correct and timely action. If Veeva becomes aware of a data breach, it will contact the customer(s) affected within 72 hours.

Privacy By Design

Veeva incorporated privacy into the initial design of Veeva OpenData and provides default options for data protection.

Learn more about Veeva OpenData