GDPR compliance and Lead Generation, a guide for MedTech companies. Learn how to maintain compliance in your marketing campaigns (and avoid hefty fines).
When the General Data Protection Regulation (GDPR) came into effect on May 25, 2018, it was heralded as being the toughest privacy and security law in the world.
Following years of complaints about ineffective online privacy, and the misuse and abuse of data, the introduction of GDPR within the EU had, and continues to have, a seismic effect on the way marketers approach every aspect of their marketing and sales funnels.
Many previous attempts to rein in the capture and use of online data failed because they lacked the power of legally mandated enforcement. (In many cases, people and companies chose to ignore any guidance or advice, and just continued to do what they could ‘get away with’ because there was no strong deterrent.)
This changed with GDPR.
Non-compliance can be costly. Within the first 20 months of GDPR coming into effect, hundreds of fines (totaling more than €114) were issued to companies for non-compliance.
With even huge tech behemoths like Google and Facebook being among those fined, you might wonder how smaller companies can be expected to remain compliant.
What is GDPR compliancy?
With the advent of GDPR, any company operating in the European Union (EU) must fulfil certain obligations. (Put another way, the Regulation applies to any organization that does business with EU citizens, regardless of where it is based).
If your MedTech business collects data from, markets to, or does business with people living in the EU, it’s important to make sure your lead generation is GDPR compliant.
As pointed out by IT Governance, compliance is a continual process, not a one-off activity.
The rules set out in the Regulation must be followed and documentation proving compliance kept.
Although many of us may be tired of seeing Cookie Notices or Privacy Notices pop up on every new website we visit, it’s important to remember that these are for the benefit of the user, to ensure they are aware of, and in control of, what data is collected about them and where it is used.
What does GDPR mean to Lead Generation for MedTech companies?
Although GDPR is now well established and here to stay, there are still a few companies and individuals who choose to ignore the requirements, a legally risky approach and one with potentially far-reaching (and expensive!) consequences.
As the experts in marketing in the MedTech vertical, we know exactly how important it is to be compliant with any and all regulations. When capturing or using any data about an individual’s health in particular, it is right that people can be confident about how, when and where their data may be used.
(Incidentally, this is one of the reasons there was such a focus put on Google’s acquisition of Fitbit, when many privacy advocates voiced concern about the potential for abuse of data collected. Interestingly, an article on Google’s blog specifically noted that the acquisition had always been about the devices, not the data.)
GDPR means that your MedTech organisation must follow the rules set out in the Regulation and keep appropriate documentation that demonstrates you are following those rules.
If circumstances* change, you will need to make sure that relevant processes and documentation are updated.
*This may be a circumstance that occurs externally to your company. For example, Brexit led to two different versions of the Regulation: the EU GDPR and the UK GDPR.
While GDPR allows data to be collected, it must be for a clear legal reason. Typically, this will be:
For MedTech lead generation purposes, make sure that a user is always prompted to opt in before any data about them is collected, stored, or shared.
It’s important that you always clearly explain to a user the ‘how’ and the ‘why’ of any information that is being collected about them. This will be on your website Privacy Page (a GDPR “must have”).
It’s no good having a Privacy Policy if it can’t be easily found by a user. Make sure that your Privacy Policy is clearly signposted on your website (often in the footer or visible as a pop-up box when the website is first visited).
GDPR gives people the “right to be forgotten” at any time, with no questions asked. If they request it, you’ll need to delete their information.
Specifically for lead generation, this may mean somebody decides they no longer want to receive your marketing materials or promotional emails. For this reason, always include a link for somebody to opt out or unsubscribe.
How can MedGen help with your Lead Generation compliance?
It’s safe to say that GDPR impacts every aspect of marketing, from lead generation to follow-up.
It can seem like a lot of work, and many companies feel quite overwhelmed by the requirements.
If that’s you, our advice is to RELAX.
Yep, really.
Take a deep breath.
Feeling more relaxed?
Great! Because we’ve got your back on this.
All our MedTech marketing solutions are already compliant with GDPR (and HIPAA in case you’re interested!).
Which means you won’t need to put in any extra time, energy (or money) to remain compliant with GDPR when you work with us.
Sound good?
If you like the sound of “no extra time, energy or money”, why not get in touch with us for help with your marketing campaigns?
We help MedTech companies of all sizes get incredible results from their marketing campaigns by continually optimizing them through our industry-leading proprietary machine learning and tracking technology.
Our highly experienced team of MedTech specialists would be delighted to help you achieve your campaign goals (while remaining GDPR compliant!).