With the new GDPR going into effect on ay 25th, healthcare facilities will need to comply with access to data portability.
The EU’s GDPR will begin May 25, and businesses across the globe are gearing up for the changes to come. The GDPR is changing the way business operate, and of course how they interact with the data of EU residents. One of the industries that will be held to the new higher standards is healthcare.
The healthcare industry can expect a variety of new challenges when it comes to gathering and protecting the personal data of European Union residents. The new legislation aims to build upon common and current personal information protection, working to ensure that data is protected across all processing activities and endpoints.
Prior to the new legislation, personal data was widely viewed as the property of the businesses or organizations that collected and held on to the information.
When the new legislation comes into effect, any data of the EU residents will be seen as the individual’s. The GDPR defines the rights of the individuals as they relate to data protection, and these rights can be broadly summarized:
- Informed Consent: The right to be clearly informed why the data is needed and how it will be used. Consent must be explicitly granted and can be withdrawn at any time.
- Access: The right to access, free of charge, to all data collected, and to obtain confirmation of how it is being processed.
- Correction: The right to correct data if inaccurate.
- Erasure and the Right To Be Forgotten (RTBF): The right to request erasure of one’s data.
- Data Portability: The right to retrieve and reuse personal data, for own purposes, across different services.
This last point about data portability, is an exciting new change. As consumers, being able to move or reuse our own data is something that we should have had access t do before. But now it is something that will be accessible to each one of us, and it will affect those business that have a reach worldwide. That will even help those outside of the EU.
How can healthcare facilities brace for the GDPR? Well there are several actions that they should be taking to ensure they are prepared:
- Audit your facility to determine the personal data that needs to be reorganized for compliance.
- Check how the data is being processed, stored, transferred and shared inside/outside your facility.
- Review your cybersecurity capabilities.
- Commit your organization to a rigorous risk-based cybersecurity program characterized by continuously assessing your GDPR relevant data life cycle, and overall security posture.
Read the full article and more concise points here.
Safe Online can help your company comply with the GDPR. Find out how at bysafeonline.com