Annual Report: GDPR — 12 months to go and 12 key points for the healthcare sector

Date published





The General Data Protection Regulation (GDPR) is poised to introduce significant changes to data protection law in the EU, which will impact on many organisations.

The impact for organisations that collect and use health data such as hospitals, pharmaceutical companies, academic institutions and medical technology companies will be far-reaching.

In this article we look at 12 key points about the GDPR and how it will affect the health care sector.

The 12 stays of GDPR

  • Effective date: Pear-ed up with UK legislation?
  • Dove-tailing with Brexit?
  • Data on physical and mental health
  • “Sensitive Personal Data”: a wider definition
  • Ringing the changes: Anonymous and pseudonymous data
  • Processing health data: laying the foundations
  • More onerous requirements for valid consent: making it clear
  • Rights of data subjects
  • Significant change ahead
  • Claims by data subjects
  • Breach notification
  • The one to beat: Administrative fines

Related item: Countdown to tough EU data protection reforms

Read other items in the Healthcare Brief - June 2017