The healthcare sector is currently subject to the strictest data protection regulations of any sector. These regulations now include the EU General Data Protection Regulation (GDPR). In our new whitepaper, Implications of the GDPR in Healthcare, we discuss how the EU GDPR addresses healthcare data. What are the possible long-term consequences of healthcare data misuse?
Operating on Privacy by Default
The EU General Data Protection Regulation (GDPR) entered into force on May 24, 2016, and the rules will apply in two years’ time, beginning May 25, 2018. The aim of the GDPR is to have one set of data protection rules applicable throughout the EU. However, many EU Member States may include specific national provisions, some of which will apply directly to the healthcare sector. Since the GDPR encourages organizations to operate on privacy by default, data protection measures must be implemented across the board. All devices, data processing and storage activities need to be protected. A failure to take such precautions could subject organizations to heavy regulatory fines.
In addition, the GDPR has laid out specific information for healthcare organizations. Notably, healthcare data under the GDPR will be subject to a higher standard of protection than personal data in general.
Our whitepaper covers the importance of:
- obtaining consent
- the rights of data subjects (Right To Be Forgotten, Right To Data Portability, Subject Access Right)
- the need for a Data Protection Officer (DPO) in some circumstances
- the requirements for assessments
- mandatory breach reporting requirements
Under the GDPR, organizations may be subject to data protection audits at any time as well as strict penalties for non-compliance. Preparation over the next two years is key.
It’s Time to Prepare for the GDPR
Given the lengthy requirements of the GDPR, it’s important to thoroughly lay the groundwork for all aspects of the GDPR over the next two years. In our whitepaper, we lay out some tasks you can tackle right away, from reviewing vendor contracts to updating your key policies, procedures, and technologies. Learn more about how the healthcare sector can address the challenges of compliance with the EU GDPR through a holistic approach to data management.
Absolute Data & Device Security (DDS) allows organisations to persistently track and secure all of their endpoints and the data they contain within a single cloud-based console. Remotely manage your devices and the data they contain. Ensure that your endpoint IT compliance processes are properly implemented and enforced.