Why work with
- Proven approach with regard to HCP personal data protection in practice
- Experienced in commercial effectiveness and SFE
- Precision targeting led to an increase of market share of ≈5% in less than one year in areas where competitor sales were high
- Scalable offering, which can be tailored based on your launch planning in Europe
- Proven digital solutions that are easily deployable to accelerate trusted reach
- We created 100 thousands of touch points with HCPs via web, social media and phone calls for multiple clients to enter the EU
- Supporting multiple clients with (digital) marketing entry in Europe
- Experienced and dedicated team fully focussed on pharma, committed to your goals
- You can choose to partly use our capabilities or outsource the entire process to us
Frequently Asked Questions about GDPR Europe
Under the General Data Protection Regulation (GDPR), consent refers to any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
For consent to be valid under the GDPR, it must meet several requirements:
1. Freely given: Consent must be voluntarily given and must not be obtained through coercion or deception.
2. Specific: Consent must be given for a specific purpose and must cover all processing activities for which the data will be used.
3. Informed: Individuals must be adequately informed about the processing of their personal data, including the purpose, the identity of the controller, and their rights.
4. Unambiguous: Consent must be clear and unambiguous, and must not be hidden in long terms and conditions or other legal agreements.
5. Easy opt-out: Consent must be as easy to withdraw as it was to obtain.
Organizations must be able to demonstrate that they have obtained valid consent from individuals, and must be able to show what information was provided to individuals at the time of obtaining consent. Consent can be withdrawn at any time, and organizations must provide a simple mechanism for individuals to withdraw their consent.
The General Data Protection Regulation (GDPR) is a regulation of the European Union that sets out the rights of individuals regarding their personal data and the responsibilities of organizations that process this data. The key provisions of the GDPR include:
1. The right to be informed about data collection and use.
2. The right of access to personal data.
3. The right to rectify inaccurate or incomplete data.
4. The right to erasure in certain circumstances.
5. The right to restrict processing.
6. The right to data portability.
7. The right to object to data processing.
Organizations that process personal data of individuals in the EU must comply with the GDPR and can face significant fines for non-compliance.
In the case of the US, the European Commission has not made a determination of adequacy for the country as a whole. However, some specific frameworks, such as the EU-US Privacy Shield, provide a mechanism for companies to transfer personal data from the EU to the US in compliance with the GDPR. To participate in the Privacy Shield, companies must self-certify their compliance with the Privacy Shield framework and regularly re-certify their compliance.
Organizations can also transfer personal data to the US under the GDPR by using standard contractual clauses, which are model contract clauses that have been approved by the European Commission as providing adequate protection for personal data.
There have been recent developments that suggest that changes to the GDPR are likely in the future. For example, the European Commission is currently working on a proposal for a new regulation, the ePrivacy Regulation, which would complement the GDPR and provide additional protections for the processing of electronic communications data.
Additionally, there are ongoing efforts to harmonize data protection laws across the EU and to improve the enforcement of the GDPR. These efforts may lead to changes in the interpretation and application of the GDPR by the European courts and national data protection authorities.
US companies that offer goods or services to EU individuals or that monitor their behavior must comply with the GDPR. The GDPR sets out specific obligations for organizations that process personal data, including the requirement to have a legal basis for processing personal data, to implement appropriate technical and organizational measures to protect personal data, to provide individuals with specific information about their personal data, and to respond to individuals’ requests regarding their personal data. US companies that are subject to the GDPR must appoint a representative in the EU if they do not have a presence in the EU, and must appoint a data protection officer (DPO) if their processing activities require regular and systematic monitoring of individuals or if they process sensitive personal data on a large scale.