Sanofi employee complaint about “insight gathering” (KAM calls and virtual EKC event): no breach (AUTH/3558/9/21)

📊

Key facts

⌄

Case number	AUTH/3558/9/21
Parties	Employee (anonymous, non-contactable) v Sanofi
Main issue	Concerns about insight gathering (KAM/account insights; alleged GDPR and covert marketing insights; EKC event scope change)
Applicable Code	2019
Clauses considered	1.11, 9.1, 15.9
Complaint received	05 September 2021
Case completed	23 June 2022
Appeal	No appeal
Outcome	No breach
Sanctions	None
Notable context	EKC event held virtually in June 2020 during Covid; focus described as understanding customer needs and virtual interaction preferences; proactive product discussion removed

Reviewed by Dr Anzal Qurbain (FFPM) — ABPI Final Signatory

🤖

Got a question about this case?

Ask one of our 13 specialist ABPI advisors — instant answers, 24/7.

Ask AskAnzal AI

🎬 Expert Video Walkthrough

🎬

Video walkthrough — coming for members

Subscribe now and get expert video analysis for every case as we publish them.

Subscribe — from £299/yr

📋

⌄

An anonymous, non-contactable Sanofi employee complained about “insight gathering” practices.
The employee alleged that under the guise of key account management (KAM), account executives were asked to capture and share “customer/account insights” from health professional calls, which were then used for local plans and national strategy.
The employee alleged a GDPR issue because health professionals were not aware the data was shared internally, and that the activity was effectively generating “marketing insights” without following a “clear and distinct process”.
The employee also raised concerns about an “engaging key customers” (EKC) event (June 2020) originally intended as remote-selling training, which allegedly changed close to the event into an insights-gathering exercise; an after-action review (AAR) comment suggested the certified briefing document did not match the changed intent.
The PMCPA asked Sanofi to consider Clauses 1.11, 9.1 and 15.9 of the 2019 Code.
Sanofi investigated internally (interviews with relevant staff) and stated: (a) account insight gathering was legitimate business intelligence; (b) staff were instructed not to include customer/patient identifiable information in shared templates; (c) privacy policies/training were in place; (d) no GDPR breaches were identified; and (e) the EKC remained a training event with a focus on understanding customer needs during Covid, with proactive product discussion removed.

⚖️

⌄

No breach of the Code was ruled.
The Panel found the complainant had not established (on the balance of probabilities) that Sanofi’s insight gathering breached GDPR or the ABPI Code requirements considered.
The Panel did not consider the complaint concerned formal market research.
The Panel did not consider the complainant had established that high standards were not adhered to, that briefing was inadequate, or that concerns were ignored as alleged.

🔒

Members get the complete breakdown — Clauses, Sanction, Signatory Lens, Audit checklist, and 3 Key Questions.

Best value

£249/year

Annual — save £99

£29/mo

Monthly

Join Now — Instant Access