Embedding Identity and Consent Across the Enterprise: A Path to Compliant Omnichannel

Over the past 15 years there has been a large scale shift in what is required from pharmaceutical organizations to meet the expectations of the HCPs, patients and consumers that they interact with, let alone exceed these expectations and delight them. This change has been driven by the way in which these individuals have become digitally enabled through the rise of smartphones and always connected devices. Individuals now want access to their data and information wherever they are and whenever they want—anything less than this is unacceptable. Not only is this connectivity expected in their interactions as consumers but also in their interactions as employees and professionals. Nowhere is this more pronounced than within the pharmaceutical space. Pharmaceutical organizations are in a unique position of having to deal with a very broad spectrum of individuals and entities, delivering often complex and sensitive information to audiences of differing knowledge levels and understanding.

Individuals now want access to their data and information wherever they are and whenever they want—anything less than this is unacceptable.

One thing that remains common across all industries is the expectation levels for how organizations should be engaging. Multichannel communication around a subject is now considered the norm and omnichannel communication is rapidly becoming the new expectation and goal. This has profoundly changed the way in which people interact with organizations and share their data in ways which were largely unforeseen. Organizations now hold vast quantities of data around the individuals they interact with that can help them deliver a far more personalized and tailored service to the individual. Many issues also arise however as data can become disjointed in siloed systems if not properly managed, individuals may not be aware of what data is stored on them and how it is being utilized, and organizations may be storing information for longer than expected or using it in a way that the individual did not intend originally.

Regulators have begun updating their frameworks to try and match the changing nature of this engagement to help protect individuals and provide guidance for organizations to help them make constructive but fair use of the information. Regulations such as the General Data Protection Regulation (GDPR) have come into force this year and further regulations are planned to update other areas. In a lot of the conversations we at Mavens have been having with customers and partners, the focus has been on preparing for not only the GDPR updates, but also ensuring that they are able to adapt readily for the next wave of GDPR style regulations, whether that comes from the US as some are advocating or APAC as the major nations look to revise their regulatory framework based upon the GDPR.

Omnichannel Timeline

So how does pharma ensure it can provide a great omnichannel experience for HCPs, patients and consumers, whilst maintaining compliance with the various regulatory frameworks? The keys to both allowing the omnichannel experience desired and enabling compliance are identity and consent, identity allowing us to correctly identify an individual to connect their data, and consent to allow this information to be used in a compliant way with the individual in control. These keys need to be embedded across the enterprise to have maximum impact, but what does this look like in practice?

1. A Single Enterprise Wide Store of All Identity Information

The organization (or at least each affiliate within) should have a single store of all their identity information that the various channels that a HCP, patient or consumer can use. As a minimum this should allow the individual the chance to use single sign-on (SSO) across the channels they are engaging on for an improved user experience. The store also provides a single source of the truth for the individual’s identity and associated contact information, helping to ensure that this information can be kept up to date as per regulations such as the GDPR.

2. Single Consent Store Attached to the Identity

Attached to this identity store should then be a single store of consent information. Consent information should be related to a specific individual, channel, initiative and set of consent language. Should the consent given by the individual change, it needs to be updated across all the channels, brands and initiatives that the individual is interacting with. Again we have from this single store a single source of truth going forwards that ensures we can both keep the information accurate but also maintain compliance. Additionally, the single source of truth allows us to utilize the consent properly and see the value and opportunity in the data (you can read more about that in our recent whitepaper).

3. Standardized Integration Options

Once we have our singular stores of identity and consent, we need to ensure that this information can be readily used across our existing channels as well as being easy to integrate into new channels in the future. Not only is this to allow us to ensure that the data can be utilized correctly, but this can enable the organization to reduce its overall risk profile. Any siloed system of identity or consent information is a risk to the organization as the data it holds can easily become out of date and incorrect. Not only is this a compliance risk, but it also makes the value of the solution itself questionable and can lead to it becoming irrelevant.

Any siloed system of identity or consent information is a risk to the organization as the data it holds can easily become out of date and incorrect.


With this structure in place, pharma can now not only ensure that they are compliant with the regulations, but meet the needs and desires of the HCPs, patients and consumers that they engage with across the varied channels, to provide them value through a connected omnichannel experience. From a messaging perspective we can now also ensure that through our identity store we are connecting with the right person, through our consent store we are sending the right message in the right channel, and by being able to integrate these stores across the organization, we can ensure the message is sent at the right time. Now not only are we compliant, but by embedding identity and consent across the organization we can fully utilize the data we have to provide a great experience for the HCPs, patients and consumer we are engaging with.

If you want to learn more about how Mavens can help you deliver this with our Identity and Consent Manager solution, you can find more information, including an overview sheet and the ability to request a demo through our website.

Paul Battisson

Author Bio

Paul Battisson is the Platform Strategy Lead for Mavens in EMEA, based in the UK. Over the past 15 years he has delivered solutions across a wide range of sectors including many highly-regulated industries. He has spoken at a number of healthcare industry and technology events on topics as diverse as machine learning, virtual reality, patient services and omnichannel marketing in pharma.