GDPR 2018
The revised General Data Protection Regulation (GDPR) of the European Union (EU) addresses the protection of its residents (data subjects/patients) with regard to accessing, processing and the free movement of their personal data. It was adopted in the European Parliament in April 2016 and shall apply across the EU from 25th May 2018. As opposed to a directive, a regulation is directly applicable in all member states. The main purpose of the GDPR is to define and update several basic rights of its subjects/patients regarding control of and access to their personal data and to implement common rules for data protection in all member states. Key elements of the new regulation include, for example: the need for clear and affirmative consent by the data subject/patient concerned; destruction of data if storage is no longer necessary for the initial purpose or after withdrawal of consent by the data subject/patient (right to be forgotten); the right to obtain rectification of his/her data; the right of the data subject/patient to transfer personal data to another service provider (data portability); the right of the data subject/patient to be informed when his/her data have been hacked. Protection of personal data is of particular importance in the health sector, and the basic requirement of confidentiality of diagnostic and therapeutic information requires special attention in the digital environment. The often conflicting objectives of ensuring privacy rights for personal data whilst providing adequate access to data represent particular challenges in this sensitive area. Therefore, the new GDPR provides several derogations with regard to data concerning health.