Veeva OpenData and GDPR

Veeva OpenData offers rigorously verified and continuously updated local customer reference data, delivered with a standard, worldwide approach to data structure, and quality. Designed with a global view, Veeva OpenData provides a single, global identifier to accurately track and report aggregate spend and enable GDPR compliance with approved and consistent data validation process. Veeva plays a Data Controller role for Veeva OpenData and Veeva Oncology Link data products.

Read the blog: Customer Engagement – You Don’t Have 10 Days to Get it Right.

Individuals’ Rights

Veeva has policies and a process to notify HCP on data collection information and to respond to requests from individuals to exercise their existing rights, such as their right to access their personal data or object to the processing of their personal data.

Veeva has processes to respond to requests from individuals to exercise their rights under the GDPR, including rights of restriction, erasure, and data portability.

Data Accuracy

Veeva OpenData has ongoing maintenance processes and quality metrics measurement to ensure accurate data is collected.

Data Minimization

Veeva is collecting individuals data only for the purpose of his business and do not collect or store any data not intended by the purpose of collection.

Data Security

Veeva has appropriate technical and organizational security measures in place to protect personal data.

Veeva has an Information Security Management System (ISMS) and maintains current ISO 27001 and 27018 certifications.

Veeva is continually reviewing its security measures for enhancements, including as part of its GDPR Compliance Program.

Breach Notification

Veeva has a data breach management policy and a security team in place to identify violations and to ensure correct and timely action. If Veeva becomes aware of a data breach, it will contact the customer(s) affected within 72 hours.

Privacy By Design

Veeva is incorporating privacy into the initial design of Veeva OpenData and providing default options for data protection.