+1.855.360.3282 Contact Us

These 3 GDPR Requirements You Must Support Today are Nothing Compared With What’s Coming

Ramon Chen, Chief Product Officer, Reltio

On May 25, 2018 GDPR (General Data Protection Regulation) went into effect. The primary objectives of the GDPR are to give control back to their EU citizens and residents over their personal data, to simplify the regulatory environment for international business, and to unify regulations within the European Union.

GDPR is relevant for any organization doing business with EU citizens, regardless of where the company is based. Personal data includes a wide range of personal identifiers, from addresses and public information, to social profiles, images, IP information, device IDs and medical and financial details.

Consumer personal data collected within your company is often distributed to multiple systems and organizations, resulting in duplication. Your organization may be considering master data management (MDM) solutions to address various data management needs including compliance challenges. Legacy MDM systems may comply with a small part of the regulation by managing profile data, but they also leave it to you to figure out how to manage the transaction and interaction information distributed across systems and channels.

Complying with GDPR should be part of your day-to-day operations. One philosophy is that a Modern Data Management platform should organically support the key elements of GDPR by managing your customer’s profile information, lineage and succession through your day-to-day data management activities.

  1. RIGHT TO BE FORGOTTEN – GDPR guidelines require your organization to support your customer’s Right to be Forgotten and purge their records upon request. Your business will also need to support your customer’s request for a copy of their information in a portable format. Any GDPR solution needs to guarantee purging of all traces by customer entity type in support of data erasure, including the removal of any attributes and historical transactions made by individuals captured as part of their digital activities, which is outside of the scope of traditional legacy MDM tools.

  2. CONSENT MANAGEMENT – Your company must also support a provision to produce any proof of consent provided by your customer on request, and a way for customers to withdraw the consent. Explicit consent is required before information is collected, and adult consent is mandatory when the collection of data involves children below the age of 16 years. Any solution that supports the management and maintenance of rights and consents must have the ability to capture and store consent types. Graph technology provides a great way to store relationships so you can easily capture and prove that an adult provided consent regarding the collection of information for a minor.

  3. AUDIT & LINEAGE – The new GDPR legal framework requires your company to support the ability to demonstrate the deletion of your customer’s private information. built-in audit and data lineage to support accountability for your business to demonstrate compliance. Attributes must also traceable back through lineage to the internal and external data providers they came from. In the case of a change request, the request can be routed back to its original source.

While there are many tools being offered to meet GDPR and other regulatory requirements, companies should use a Modern Data Management platform that supports both offensive (e.g. improve operational efficiencies, deliver better customer experiences) data strategies, and has defensive (e.g. maintain compliance, reduce costs) data strategies built-in.

Facebook has stopped short of promising GDPR level data compliance for US users. If you are a US company, even if you have no EU data, you should consider implementing a Modern Data Management platform that gives you GDPR-ready capabilities. Imagine the branding and goodwill you’ll get with your customers when they realize that you are taking measures above and beyond (exceeding that of Facebook) to respect their privacy and data.

Finally it won’t take long for the US and rest of the world to catch up, the State of California recent enacted The California State Assembly’s passage today of the California Consumer Privacy Act (CCPA) which has many elements of GDPR. My article listed three very basic GDPR requirements, there are certainly many many more. Regardless of the solution or tool you put in place today you know that many more regulations are coming. A Modern Data Management platform does the heavy lifting for you today, and protects you into the future, allowing you to focus on your business.

Four Ways to Use GDPR as a Strategic Driver

Ankur Gupta, Sr. Product Marketing Manager, Reltio

Post May 25, 2018, per the General Data Protection Regulation (GDPR), companies with business ties to the European Union need to comply to GDPR standards. The cost of non-compliance is huge, but the regulation is meant to benefit individuals as well as businesses. Let’s look at what it can unlock for you and your brand if you approach it in the right way. What about being able to say that you are the safest enterprise in your marketplace when it comes to data? How about if you can not only reduce operational cost but can also create new revenue streams by being compliant to GDPR and other upcoming regulations?

1. Replace Legacy Systems by Future Proof Cloud-based Applications

When companies are taking steps to comply with GDPR, they are required to perform a ‘spring clean’ of their data, which can in turn lead to multiple efficiency gains. Organizing data improves the way firms carry out analytics and take business decisions. To comply with the regulation, companies must be able to illustrate the entire data flow – how data comes into the company; how they store and manage it; and how they treat it at end of life. This will encourage businesses to replace legacy systems by flexible cloud services to be more nimble and transparent especially when regulatory regime keeps evolving. In addition, most large enterprises have grown through M&A. Thus, they can look at GDPR as an opportunity to get rid of obsolete software and accelerate application retirement.

2. Gain Brand Loyalty and Attract New Customers

Companies can leverage GDPR to change the landscape from risk mitigation to improving their long-term competitive advantage. They can see early GDPR compliance as a competitive differentiator and position themselves as leaders of an emerging new normal. We trust those businesses who values our privacy beyond mere legal compliance. Thus, GDPR is an opportunity for businesses to get their data in order, get compliant and become consistently transparent with their customers. In a post-GDPR world, data sharing would be seen in the context of mutual respect and value exchange. It is an opportunity to re-connect your business with your current and potential customer base and start a new relationship based on mutual trust and responsible personalization.

3. Invest for the Future

The criticism that GDPR compliance might restrict innovations in AI ignores a subject’s right to privacy and consent. In fact, not being GDPR compliant would impose far more constraints on data collection and processing, slow down the ability to leverage innovations in AI and pay an opportunity cost such as market share losses in the future. Read this article for more details – Understanding GDPR and Its Impact on the Development of AI. In addition, in an era of data-driven innovation, business partners need to work together across the value chain. Data-driven innovation requires a clear understanding of the data to be collected and the reasons for collecting it. There are double opt-ins in such value chain: both partners need to be clear about what data they have about each other, and why. It’s very important that their data sharing practices are compliant with GDPR and other upcoming data regulations. As a first step to GDPR compliance, companies must define the scope of GDPR-relevant personal data that is collected, processed, and shared. Once a company identifies the scope of GDPR-relevant personal data, it should catalog all internal and external data sources that fall within this scope.

4. Execute A Delicate Interplay of Offense & Defense Data Strategies

In the post-GDPR era, personal data protection will become a data strategy issue. To comply, businesses need to have solid data organization and data governance in place. The GDPR gives companies the opportunity to holistically re-assess all their data, not just personal data. Data defense is about minimizing regulatory risk and preventing theft. Data offense focuses on increasing revenue, profitability, and customer satisfaction. Strong regulation in an industry (e.g. financial services or health care) would move the company toward defense; strong competition for customers would shift it toward offense. The CDOs and the rest of the leadership should see GDPR as an opportunity to establish the appropriate trade-offs between defense and offense to support company’s overall strategy. Read this blog post for more details – Is Your Data Strategy Defensive or Offensive? Why Not Both?.

Data is a company’s most important asset, and it’s constantly growing. Taking mandated compliance and turning it into an opportunity to personalize, delight and exceed customer expectations would fuel innovation reliably and responsibly.

Patient 360: Molecule to Market

Ankur Gupta, Sr. Product Marketing Manager, Reltio

The rise of the Chief Patient Officer and the “P–suite” emphasizes a commitment to a culture around patient-centricity across life sciences companies. Patients are becoming increasingly demanding and taking greater control of their own healthcare decisions. They expect all relevant parties like pharma, providers, and payers to collaborate and recommend the best treatment options.

It is essential for a pharma company to know their patient throughout the drug discovery, development, and commercialization process. Every department across a pharma company can contribute toward and benefit from complete patient understanding. Some of the use cases are:

1. Patient-centric Drug Discovery and Development

Recruiting and retaining the right patients, and capturing all interaction and transaction events during clinical trials are vital to continuously develop new diagnostics and treatments. Patient-centric clinical operations lead to improved clinical trial outcomes, reduced patient exposures to drug adverse events, and faster drug discovery.

Today, reliable data, relevant insights and recommended actions via machine learning can be combined into one, single cloud application, delivering analytical intelligence and operational execution. Such cloud based Patient 360 data-driven application helps pharma companies derive meaningful patterns from an ever-expanding volume of patient health data and incorporate those insights into the drug development processes. 


A Patient 360 application built upon a self-learning data platform delivers reliable, and up-to-date 360-degree views of patients, and their relationships with providers, healthcare organizations, caregivers, payers, plans, products and places, driving seamless omnichannel patient experience and improved health outcomes.


2. Personalized Corporate and Marketing Communications

Pharma companies are increasingly seeing more value in reaching out patients more personally and directly to improve patient loyalty and brand recognition. They want to execute direct-to consumer (DTC) drug advertising campaigns, deliver educational insights (such as medical information and pharmacovigilance) to inform patient decision-making and behaviours, and encourage patients to contribute their medical data to help advance medical knowledge.

A true Patient 360 data-driven application helps with prospect identification, capture, synchronization to CRM, and segmentation and targeting of existing customers and prospects in various life-stages. As part of the patient centric approach, brand-focused marketing is juxtaposed with the creation of content that supports a patient’s journey through disease progression. In addition, the Self-Learning Graph helps solve the problem of “householding” by grouping patients into family units by uncovering relationships. This patient-centric approach helps pharma companies to gain “profitable share” in competitive markets by informing their ‘pricing and contracting’ strategy and identifying treatable patients. 

3. Superior Patient Experience with Full Compliance in Place

Pharma companies can add far more value to patients by executing adherence programs such as tracking drug usage and benefits. Likewise, they can run affordability programs to help patients stay on therapy (e.g. by creating apps to educate patients or by reminding them about medications). However, to drive such initiatives, one needs to collect and use large amounts of sensitive health-related data of patients. A modern data organization platform helps you respect and protect patient HIPAA and data security concerns. In addition, it helps you be GDPR compliant and allows patients to provide granular consent for sharing their data.

The data forms a key part of the insight needed to create better products and services, better engagement, adherence, and relationships with patients. Changing business models, expectations of “patient of one” and newer regulations will accelerate the evolution of pharma and healthcare. The transition will not be easy, but building a reliable Patient 360 with ability to pivot around pharma, provider, and payer is the first step towards patient-centricity.