Veeva Vault and GDPR
Veeva Vault is a platform that provides a set of software applications across both commercial and R&D functions. Each application provides a base framework configuration, which life sciences companies then populate with data and documents – this means Veeva Vault acts as a Data Processor. Veeva Vault has been designed to protect personal data and supports GDPR product obligations as a Data Processor.
Duration of Data Processing
Data is processed for as long as a customer has a contract with Veeva and requires the data to be retained. The ability to delete all customer data in a Vault is available at any time a customer requests this, as per the contract.
Learn more »
Data Access on Vault
Vault users can view and edit (with restrictions) their user information at any time once logged in.
When data is collected from individuals who are not Vault users, it is your responsibility to make such individuals aware of what data will be collected and processed.
If an individual submits an access request to you to understand the data that is being stored within Vault on him / her, Veeva can provide a copy of that data, in an electronic format, within 20 business days.
You can authorize any other third-party data and document integrations with Vault.
Right to Be Forgotten
If an individual submits a “right to erasure” request to a Veeva customer to have their data deleted from a Veeva database, then the Veeva customer has the following options:
- Process the data deletion themselves: Vault users can remove data at any time within the security controls configured by our customers.
- Request that Veeva deletes that data: If a Veeva customer requests Veeva’s assistance in the removal of subject data, Veeva will respond to such requests within 20 business days.
Veeva has a data breach management policy and a security team in place to identify violations and to ensure correct and timely action. If Veeva becomes aware of a data breach, it will contact the customer(s) affected within 72 hours.