GDPR and events. What does the pharma industry need to know?

16 Jul 2018 Pharma Ideas & Insights

GDPR and Pharma

In May 2018, new legislation came into force which changed the way we can collect, store and use personal data.

Worryingly, however, many people in the pharma industry still aren’t following the rules set out by the GDPR when it comes to running events and attending tradeshows. But with eye-watering fines for non-compliance - up to €20 million or 4% of annual turnover - now is the time to sort out your data processing activities if you haven’t done so already. Before it’s too late.

Keen to help and protect our pharmaceutical clients, at Apex, we’ve pulled together a handy summary to help you become GDPR ready.

How does the GDPR impact events in the pharmaceutical industry?

When you organise an event or attend a tradeshow, you probably rely on the sharing and manipulation of data. This includes information such as:

  • Personal information. Any individual piece of personal data, or combination of data, that could be used to identify an individual is covered under GDPR. Things like delegate names, email addresses, photographs and social media profiles
  • Sensitive information: The GDPR also covers sensitive information. Things like gender, health, disabilities, religious and political beliefs. So, even dietary data (e.g. lactose intolerant, Halal etc.) is considered sensitive data.

For pharma marketing and sales teams, the way they manage this data will have to change. And, according to legal experts, GDPR could be as disruptive for the event sector as the “TripAdvisor effect” has been on travel[1].

Of course, at Apex, we can remove the headache entirely by managing that all-important event data for you, with best in class delegate management software and practices that ensure 100% compliance.

Find out how our ultra-modern event registration platform helped to welcome large operators and investors from across the world.
Healthcare Business International 2016. Event Management by Apex.

While GDPR applies to all sectors, the pharma industry relies heavily on patient-centric data. As such, the damage to a company’s reputation as well as the loss of consumer trust if a breach occurs cannot be underestimated. Consequently, it is vital that all parts of pharma, including sales and event teams, are stringent in their approach to implementing GDPR.

What must the pharmaceutical sector do to ensure data protection compliance at events?

Start by undertaking a comprehensive audit of your data to establish the amount and type of info you have, where it is kept, who uses it, how it is used, how it is obtained, and how secure it is. Only once you know what data you have, can you ensure that you are handling it correctly.

Next, put processes in place to ensure compliance. The Information Commissioner’s Office (ICO) website also has a range of advice and support to help you get up to speed.

You should also speak to your event management partner to ensure that any automated event management solutions you use are compliant.

Using the GDPR to provide a better event experience

Crucially, despite fears about the GDPR, any pharmaceutical business that takes the opportunity to review how they use their data, and identify how they can legally extract and turn insights into actionable improvements and innovations could use this opportunity to improve their lead generation activities and deliver more impactful events. Here’s how:

Focus on face-to-face interactions

Despite advancements in technology, the power of face-to-face marketing is as strong as ever. The ability to interact with a potential customer, attend seminars, and see what your competitors are up to has always been done best face-to-face. And, with email and online marketing set to become increasingly challenging in the GDPR world, this old-school method of building relationships is going to become even more popular.

Subsequently, savvy sales and marketing teams across the pharma sector will be looking at ways to use events to connect on a personal level, rather than relying on detached online methods of networking and lead generation. However, a quick a word of warning. Even if you collect personal information face-to-face, you still have to store and use it correctly.

Find out how Apex helped Laurus Labs impress their European CPHi show delegates with a high impact exhibition stand and dinner event.
Laurus Labs – custom exhibition stand and evening event

Invest in best-in-class technology

When creating an event, it is not unusual to use a plethora of different tools to capture and make use of data. But, pharmaceutical companies that are still using Excel spreadsheets to store delegate information - or even antiquated online event registration software - could be in big trouble.

However, rather than groaning about the inconvenience, shrewd sales and marketing teams across the pharma sector are taking the opportunity to invest in quality registration and delegate management software that ensures 100% compliance.

Maximise the data you do have

The latest software won’t just help you meet your data protection obligations; it can also add a new dimension to your event and exhibition marketing. So, if you want to get ahead of the crowd, review how you use your data now, and identify how you can legally turn any insights into actionable improvements and innovations.

Find out how Apex helped GSK use on-stand attractions and exciting features to bring target customers to the stand - and keep them coming back.
On-stand attractions for exhibition stands

Build valuable relationships

It’s not illegal to send marketing emails to contacts, but you do need their permission to do this. This means that the GDPR will help put an end to email spam and make us all focus on building relationships with people that WANT to talk to us. For sales and marketing teams, this can be a positive development which generates more streamlined lead generation activities at pharmaceutical events and tradeshows.

Think about what your stakeholders want

Rather than a scattergun approach to marketing communications, pharmaceutical businesses will have to think hard about what their target audience will find interesting. Such compelling communications will lead to more valuable relationships and encourage stakeholders to share more information with you. Data that you can use to further enhance and focus your marketing activities at your next event, and beyond.

An event and Exhibition supplier for the pharmaceutical sector

Apex is one of the UK’s leading event and exhibition agencies. A specialist supplier to the healthcare and pharmaceutical industries, we understand your communication goals. And, through creative exhibition stands, product launches, sales conferences, awards dinners, and PR events, we help you meet them.

Our Exhibitions and Events teams have industry-specific knowledge and work in synergy with each other, and seamlessly with your other approved agencies. We work in all healthcare areas including ethical pharma, OTC and retail products, primary and secondary care communications, R&D and clinical trial events, nursing and NHS commissioning.

Creating exceptional events and eye-catching exhibition stands, we also keep you compliant, remove the stress, boost attendance and make your events a success.

To find out more contact us today, or give us a call on + 44 (0)1625 429370 to discuss your requirements in more depth.

What is the General Data Protection Regulation?

The General Data Protection Regulation (GDPR) was introduced in response to the rapid growth of technology. It aims to harmonise data privacy laws across Europe, and to protect and empower people in a new digital age by reshaping the way organisations approach data privacy. As such, ensuring compliance is a must for any business that is processing data relating to individuals in the EU.

Some of the changes include:

  • All consent must be “freely given.” This means that it can’t be inferred from silence, inactivity, or pre-ticked boxes
  • Separate approval must be given for different processing purposes
  • New and stronger rights for individuals when it comes to what is done with their info. For example, stricter rules on how data must be stored, and what data may be retained
  • The need for more robust and additional processes. For example, privacy impact assessments, data protection audits, etc.
  • An obligation to provide more meaningful information to individuals about how their data will be used
  • The need to establish robust procedures for detecting, reporting, and investigating any personal data breaches.

Importantly, under the GDPR, companies will have to define the legal basis on which they are holding or using an individual’s data. These acceptable reasons include consent, contract, legal obligation, legitimate interest, vital interest and public task. But, while ‘consent’ is not the only basis to hold data on people, for marketing and event activities, it is usually a must.

Check out our Pharma Resource Centre with bespoke content created exclusively for the sector.


Don't miss out on the latest creative ideas from Apex. Sign up for insights that can take your events to the next level.


[1] Boyes Turner Law Firm

Paul Ashford is a founding director of and has over 25 years’ experience in live events and conferencing. He has a particular interest in creative communication and team dynamics and advises Apex’ clients on how to build teams and convey their key messages in visually stimulating and effective formats.