How healthcare organizations should prepare for GDPR

GDPR Regulation

The General Data Protection Regulation GDPR Regulation (EU 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC) of 1995. The regulation was adopted on 27 April 2016.[1]

GDPR becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable.[4]

Data Protection Officer DPO

A certified person with expert knowledge of data protection law and practices should assist the controller or processor to monitor internal compliance with GDPR Regulation.

The DPO is similar but not the same as a Compliance Officer as they are also expected to be proficient at managing IT processes, data security (including dealing with cyber-attacks) and other critical business continuity issues around the holding and processing of personal and sensitive data. The skill set required stretches beyond understanding legal compliance with data protection laws and regulations.[2][4]

GDPR in Healthcare

Healthcare providers face a challenging period for the learning curve regarding GDPR compliance. The handling of sensitive personal data of each patient, stress out the need for immediate application of this Regulation. The complexity of healthcare services brings out a significant difficulty to an easy and smooth adoption of GDPR.

All levels of healthcare organizations or centers face huge obstacles on how to apply all the necessary updates to their clinical HIS, Data Banks and to all connected information systems. As many Head of IT Departments knows, all changes should run with an active operation system, because hospitals or clinics cannot switch off their network. In addition, GDPR will require the designation of a Data Protection Officer (DPO).[3]

Grafimedia provides a complete 360° support for making any size of a healthcare organization or center GDPR compliant.

Starting to plan now in relation to any new project will certainly have its benefits for protecting any significant implementation plans from being adjusted as the law becomes enforceable from 25 May 2018. So, even the fact that DPO role may already exist in some form, GDPR indicates the need for a stricter and to the point qualified individual for this position. DPO should provide the solid expertise for making data protection adjustments to existing information systems and any new ones, in order to meet GDPR demands.[4]

Some of the main GDPR demands are the following:

  • New requirements to minimize data
  • Deep data protection
  • Comply with legal rules
  • Form a transparent access to patient’s clinical data and use

Any detainments or failures to comply with the new Regulation on time, could cause significant consequences for a healthcare provider or organization. As it has been already formally announced from the EU Commission: The appointed Information Commissioner’s Office (ICO) will be able to impose fines based on a percentage of worldwide turnover or a fixed sum, whichever is higher.”[4]

In a world and more specifically in an Industry that trust and safety are way more important than any fine, the protection of a good reputation and authority acknowledgment, should be the number one top priority for the CEO of a Healthcare organization.

Grafimedia SaaS Health IT Experts are here to support you. Feel free to contact us for any further information regarding GDPR. You can reach out at the telephone +302103819939 or send us your queries to the following contact form:



GDPR General Data Protection Regulation Grafimedia
GDPR General Data Protection Regulation by Grafimedia

About Areti Vassou

Digital Strategy Director. Make Ideas Happen @ Digital Media, Research, Social Media Strategy, Web Design, Digital Copywriting & Digital Graphic Design.