Since 2021 we have received many inquiries (GDPR Europe) from USA and Asian based pharma and life sciences companies. They plan to access the market in Europe or want to expand their EU business.
To expand or to start business in Europe, there are two important strategic topics:
- Processing personal data according the EU privacy direction (GDPR). This differs from other continents. In the EU you are required to have prior consent (opt-in) for promotional communication with healthcareprofesionals.
- The way EU HCPs want to get in touch with pharma and life sciences companies is rapidly changing from only sales reps’ visits to an omni-channel approach.
Do you want to know more about our special services to execute your go to market and or expansion? Please contact us!
Pharma – Data – Digital – GDPR Europe
Our company is rapidly growing internationally across the EU, and works together with several players in the field of pharma, data, digital, GDPR and customer experience.
We strongly believe that organizations that process personal data both responsibly and relevantly are the winners of the future. This is because these organizations build strong and honest relationships by putting people and their data at the heart of what they do.
Individual consent and preference management
By asking individual people for their needs and asking for their consent (opt-in), you let them decide what to do with the data. And you comply with the regulations of the GDPR Europe.
Control over personal data
People are more willing to share their data with these types of organizations. These individuals will perceive trust by keeping control over their own personal data. Further, you know what they want and can give them what they want.
What we do
Personal data & e-consent platform
We provide organisations with a state-of-the-art technology solution for relevant and compliant personal data utilisation. We cooperate with our partners—leaders in specific industries.
Powered by OptInsight
Our ambition is that people who share their personal data with organisations that use the OptInsight platform, have full confidence in sharing their preferences and needs
Why we do it
Enabling personal data utilisation
Personal data belongs to the people who share this data with organisations. We believe that the value this data represents should be shared equally, and treated relevantly and responsibly.
Frequently Asked Questions
about GDPR Europe
Under the General Data Protection Regulation (GDPR), consent refers to any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
For consent to be valid under the GDPR, it must meet several requirements:
- 1. Freely given: Consent must be voluntarily given and must not be obtained through coercion or deception.
- 2. Specific: Consent must be given for a specific purpose and must cover all processing activities for which the data will be used.
- 3. Informed: Individuals must be adequately informed about the processing of their personal data, including the purpose, the identity of the controller, and their rights.
- 4. Unambiguous: Consent must be clear and unambiguous, and must not be hidden in long terms and conditions or other legal agreements.
- 5. Easy opt-out: consent must be as easy withdrawn as it was obtained.
Organizations must be able to demonstrate that they have obtained valid consent from individuals, and must be able to show what information was provided to individuals at the time of obtaining consent. Consent can be withdrawn at any time, and organizations must provide a simple mechanism for individuals to withdraw their consent.
The General Data Protection Regulation (GDPR) is a regulation of the European Union that sets out the rights of individuals regarding their personal data and the responsibilities of organizations that process this data. The key provisions of the GDPR include:
- 1. The right to be informed about data collection and use.
- 2. The right of access to personal data.
- 3. The right to rectify inaccurate or incomplete data.
- 4. The right to erasure in certain circumstances.
- 5. The right to restrict processing.
- 6. The right to data portability.
- 7. The right to object to data processing.
Organizations that process personal data of individuals in the EU must comply with the GDPR and can face significant fines for non-compliance.
In the case of the US, the European Commission has not made a determination of adequacy for the country as a whole. However, some specific frameworks, such as the EU-US Privacy Shield, provide a mechanism for companies to transfer personal data from the EU to the US in compliance with the GDPR. To participate in the Privacy Shield, companies must self-certify their compliance with the Privacy Shield framework and regularly re-certify their compliance.
Organizations can also transfer personal data to the US under the GDPR by using standard contractual clauses, which are model contract clauses that have been approved by the European Commission as providing adequate protection for personal data.
There have been recent developments that suggest that changes to the GDPR are likely in the future. For example, the European Commission is currently working on a proposal for a new regulation, the ePrivacy Regulation, which would complement the GDPR and provide additional protections for the processing of electronic communications data.
Additionally, there are ongoing efforts to harmonize data protection laws across the EU and to improve the enforcement of the GDPR. These efforts may lead to changes in the interpretation and application of the GDPR by the European courts and national data protection authorities.
US companies that offer goods or services to EU individuals or that monitor their behavior must comply with the GDPR. The GDPR sets out specific obligations for organizations that process personal data, including the requirement to have a legal basis for processing personal data, to implement appropriate technical and organizational measures to protect personal data, to provide individuals with specific information about their personal data, and to respond to individuals’ requests regarding their personal data. US companies that are subject to the GDPR must appoint a representative in the EU if they do not have a presence in the EU, and must appoint a data protection officer (DPO) if their processing activities require regular and systematic monitoring of individuals or if they process sensitive personal data on a large scale.