GDPR driving changes with marketing conduct
New GDPR legislation is pushing pharmaceutical solution providers to revolutionize their marketing practices.
In our recent special feature, we asked GDPR analyst Chiara Rustici to explain the effect of the GDPR requirements on the pharma industry
More specifically… is data-driven pharma innovation in Europe going to be penalized by data protection compliance? She said:
“The General Data Protection Regulation (GDPR) does not regulate pharma data per se but regulates what must and must not be done when working with personal data sets. In particular, health data, genetic data and biometric data are singled out as special categories of personal data attracting additional precautions because of their high-risk potential to infringe individuals’ rights or freedoms.
“However, it is not a piece of law that will automatically invalidate existing sector-specific laws, but it will work alongside any laws already applicable to pharma research: the effect is to “fill any gaps in between other laws”, so to speak. Thanks to the GDPR we will know how to handle personal data in all areas of research, whether previously regulated or not. What’s new, of course, is a mindset shift from believing that if a data use-case is not explicitly prohibited then we go ahead presuming it’s ok, to knowing that when a data set includes personal data like biometric, genetic and health data, it will need to be given the GDPR/Privacy-by-default treatment.
“So, a first reassurance I’d like to offer is that, even if national parliaments round the EU do not manage to incorporate the GDPR in their existing bodies of national law in time for the May 25th deadline, the black-on-white text of the GDPR will apply directly and will be your guide for any data research. It might make actual litigation slightly more difficult, as not all the legal procedures will be in place, but from a pharma researcher standpoint, rather than a litigator’s, overall the GDPR has been drafted clearly enough to allow it to dovetail with other sector-specific laws and rules.
“A second reassurance I’d like to offer is that the GDPR has been drafted with a number of clauses “suspending” some of the GDPR prohibitions in the context of public health and scientific research. Most areas of pharma research, in short, have little to fear from the GDPR. (See my presentation slides and sector reports).
“What will become important, however, is transparent accountability: the obligation to indicate - for any data record or data manipulation exercise - the legal basis or research-specific legal exception we rely on. Every data record and any data transformation must be accompanied, right from the start, by a description of: (1) its legal basis; (2) its purpose; (3) its retention period or timeframe; (4) its recipients/any parties it will be disclosed to; (5) whether individual profiling is carried out and its likely consequences for the individual.
“This accountability framework will turn out to be an important ally in what all other panelists see as critical investment in pharma data management: no longer a nice to have, a data architecture enabling excellent data lineage, purpose-driven data taxonomy and metadata management will double-up as an indispensable tool to demonstrate accountability to the data protection supervisory authorities as of May 25th.
“Real-world data and real-world evidence, however, deserve a special mention in the context of data-driven pharma innovation.
“The potential of vast troves of connected device data or social media feeds to yield pharmaceutical insights needs to be tempered with GDPR considerations about individuals’ awareness of any further uses their data is put to and understanding of which organisations it will be shared with. In most situations connected users are not intentionally donating their data to research. Until now the consumer IoT has been relying on opaque consent terms or authorisations to share data with generically described “trusted third parties”. The GDPR is a turning of the screw on these loose permission terms and will not grandfather the legality of legacy data sets if they have old-style permissions.
“Any real-world data sources pharma research relies on must be scrutinised for their potential to be, quite simply, obtained illegally.”
Her final sentence highlights a huge marketing consideration for providers within the pharmaceutical, biologics and medicine distribution markets.
In reaching out to potential future business clients, suppliers must ensure their data has been obtained legitimately. They will need to use credible data sources for lead lists.
Practices, in many companies, will need to be altered in order to protect data subjects.
Theoretically, one could assume that the reduction in marketing noise as a result of GDPR could spark higher conversion rates from compliant marketing efforts – due to the higher relevance of outreaches and the lower occurrence of data misuse.
We at Pharma IQ have been connecting professionals for more than six years. Over the last few months we have been refining and polishing our practices so they are GDPR compliant.
Dedicated to practitioners involved with pharmaceutical supply chain, drug discovery, clinical trials , medical devices and informatics, Pharma IQ and Pharma Logistics IQ are catalysts for conversation, connection and change that inspires the growth of our industry, and provides high-quality content, tools, learning and networking opportunities.
For further information on future opportunities with Pharma IQ contact us today:
Head of Online
Tel.: +44 207 368 9431