How will GDPR affect healthcare systems?


With the new GDPR going into effect on May 25th, healthcare facilities will need to comply with requirements for data access and portability.

The EU's GDPR will begin May 25, and businesses across the globe are gearing up for the changes to come. The GDPR is changing more than just compliance: it's changing the way businesses operate and, of course, how they interact with the data of EU residents. One of the industries that will be held to higher standards is healthcare.

The healthcare industry can expect a variety of new challenges when it comes to gathering and protecting the personal data of European Union residents. The new legislation aims to build upon common and current personal information protection, working to ensure that data is protected across all processing activities and endpoints.

Prior to the new legislation, personal data was widely viewed as the property of the businesses or organizations that collected and held on to the information. When the new legislation comes into effect, organizations will have to treat any data of EU residents as belonging to the individual. The GDPR defines the rights of individuals as they relate to data protection. These rights can be broadly summarized as follows:

  • Informed Consent: The right to be clearly informed why the data is needed and how it will be used. Consent must be explicitly granted and can be withdrawn at any time.
  • Access: The right to access, free of charge, all data collected, and to obtain confirmation of how it is being processed.
  • Correction: The right to correct data if inaccurate.
  • Erasure and the Right To Be Forgotten (RTBF): The right to request erasure of one’s data.
  • Data Portability: The right to retrieve and reuse personal data, for one's own purposes, across different services.

This last point, data portability, is an exciting new change. As consumers, being able to move or reuse our own data is something we should have had before, but now it will be accessible to each one of us. This applies to businesses with a worldwide reach as well, which in effect will help those outside of the EU.

How can healthcare facilities brace for the GDPR? Well, there are several actions that they should be taking to ensure they are prepared.

  1. Audit your facility to determine the personal data that needs to be reorganized for compliance.
  2. Ensure you know how the data is being processed, stored, transferred and shared inside/outside your facility.
  3. Review your cybersecurity capabilities.
  4. Commit your organization to a rigorous risk-based cybersecurity program characterized by continuously assessing your GDPR-relevant data life cycle and the overall security posture.

Read the full article and more concise points here.

At IDLink we are capable of helping your organization comply with the GDPR in a seamless way. Find out more about how we can help you. Give us a call, or leave us your contact information and we will be happy to be in touch with you. Visit us at

Sebastian Allerelli
Partner at Safe Online
© 2018 Safe Online