GDPR – Strengthening the Security of Sensitive Patient Data » MedicoReach


GDPR – Strengthening the Security of Sensitive Patient Data


A Quick Look into What GDPR Is All About

GDPR is an updated version of the age-old Data Protection Directive [95/46/EC] of 1995. The decision to upgrade the existing directive did not happen overnight. The proposal for a more comprehensive regulation came jointly from the European Parliament, the Council of the European Union (EU) and the European Commission. The main aim of the General Data Protection Regulation (GDPR) is to strengthen the protection of the data of individuals within the EU territory. The law applies to all EU and non-EU companies that process or deal with the private data of EU citizens, irrespective of their location.

Date-wise Representation of GDPR from Proposal to Implementation:

  • June 25, 2012: GDPR proposal came to the EU Council for consideration.
  • December 17, 2015: The joint bid for GDPR was approved by the European Parliament Committee.
  • April 14, 2016: GDPR was adopted, and the features of the new regulation were clearly set out in the official EU journal.
  • May 25, 2018: After a gap of two years, the law was implemented within all EU member states.

How GDPR Differs from the Old Directive – The Noteworthy Changes in the New Regulation

With the introduction of the new data protection regulation, many policy changes came to light. From stricter compliance checks to hefty fines, GDPR has brought in a massive wave of transformation to make data usage more transparent and organized.

Instruction Type

The significant difference between GDPR and its predecessor lies in the type of instrument each is. Unlike the previous policy, GDPR is not a directive. It is a regulation that legally binds all companies falling under its jurisdiction with stricter rules to follow, whereas a directive can only lay out objectives like a guide and cannot enforce them.

Consent Type

The new regulation makes consent forms more explicit for better transparency when dealing with data. There is no place for unclear or ambiguous consent forms. GDPR makes it compulsory for businesses to explicitly state the facets of consent forms, making them distinguishable from other declaration forms. Also, privacy policies should be set out in detail and should be readily accessible to the subject. The customer should have precise knowledge of what purpose their data will serve before being asked for consent regarding its usage.

The Inclusion of Privacy by Design

According to the new law, companies handling EU data subjects' data must give importance to system design from the beginning. It should not be an add-on for a later stage. Right from the start, data controllers must pay attention to designing the system with priority given to privacy concerns. When using new technology to process data, the company must perform a Data Privacy Impact Assessment (DPIA) to find out the possible risks.

Territorial Reach

The reach of the previous data protection directive was limited to the EU territory. Only companies located in the European Union were subject to the directive. However, the new law eliminates territorial boundaries and makes GDPR applicable to all data controllers and processors. As long as your company processes EU data subjects' data, you are bound to comply with GDPR. Location is no longer a limitation on where the data protection law applies.

New Set of Rights for the Data Subjects

Earlier, data subjects did not enjoy as much transparency and control over their data as they now have with GDPR in force. Although the previous directive also gave EU citizens rights over their data, the new regulation adds an extra edge with a more rigorous approach.

Right to Access & Erase Data

Now, under GDPR, the subject has the right to ask the controller to erase their data whenever they want. Also, an individual enjoys the right to access their data to verify that it is not being misused.

Right to Be Informed

The individual should be informed of everything related to the processing and use of their data. As per GDPR, the subject has the right to know for what purpose their data is going to be used.

Right to Portability

Under this right, an individual has the freedom to port their data from one controller to another as they see fit. They can at any time demand a copy of their data in order to transfer it to another controller.

Hiring a Data Protection Officer

According to the previous directive, the local Data Protection Authority (DPA) had the responsibility to record the activities of data controllers. But with the new law, companies with large-scale data processing will have to appoint a DPO who will systematically monitor the data processing on a regular basis.

Notification of Security Breach

GDPR makes breach notification mandatory. Data controllers must inform their supervisory authority about any data breach incident within 72 hours of learning about it. Also, they must notify the subjects who are at risk due to the breach.

Everyone is Responsible Now

Under GDPR, everyone is responsible for protecting data and accountable for any data breach. Earlier, it was only the data controller who was held responsible for any data misuse. But now both the data processor and the controller have to comply with GDPR to avoid mishandling of data. This means that even third-party data processors will have to follow the compliance norms set by the new EU regulation.

Enterprise Penalties for Non-compliance

Article 83 of the new regulation clearly states that enterprises failing to comply with GDPR policies will have to bear heavy penalties. The penalty can be a maximum of 4% of the global turnover of the previous financial year or €20 million, whichever is greater. However, the fine will be set on the basis of the level and the criteria of the different types of non-compliance. Besides the fine, the company may also receive warnings or a permanent suspension of its data processing license.

Is Our Database GDPR Compliant?

The healthcare industry deals with highly sensitive patient data. Therefore, the application of GDPR is even more stringent in this sector. Unlike the previous directive, GDPR clearly defines health data and focuses on protecting patient data as well. It brings all the physical and mental health information of an individual under the definition of 'health data.' Hence, data processors and controllers engaged in health data processing have to abide by the GDPR compliance guidelines at any cost.

We, as a marketing database provider in the healthcare industry, have always given priority to protecting our client data. It is not that we became alert and started paying particular attention only when GDPR came into play. While most providers were adversely affected by GDPR, we had the opposite experience. Even before GDPR was implemented, we were ready to face the compliance challenge. A dedicated legal team ensures that we follow all the norms to keep our proceedings legal and sound.

Our team has taken the necessary steps to ensure that the data we offer is GDPR compliant:

  • The contact details of prospects we offer come from reliable sources like
    market surveys, seminars, conferences, websites, business listings, etc.
  • We double-check and verify every record through an email and telephone verification process.
  • We update, clean and validate our database on a regular basis.
  • We have appointed a DPO to keep an eye on our data processing.
  • All data is stored with proper protection in place.
  • We have designed our systems by giving priority to data privacy.
  • We make sure only permission-based data enters our database.

How MedicoReach Protects Your Personal Data?

  • All our security systems have been updated to protect data.
  • We have a Subject Access Requests (SAR) system to respond to your data access requests.
  • Our team audited the existing database to keep it authentic and accurate.
  • All our data processing takes place in a legitimate and compliant way.
  • We respond quickly to customers' requests for data erasure or portability.
  • Our data processing is transparent, and we keep customers informed about how their data is used.
  • Proper consent is taken from the customer before initiating any communication.
  • Through emails, we offer clients an opt-out option as per their choice.
  • We are training staff about GDPR to promote a data compliance culture within our organization.
  • We store data in an encrypted format and protect it with passwords.
  • Our systems have been redesigned to strengthen security checks.
  • We have a DPO who continually monitors and tracks every use of data.
  • We make sure that the third-party vendors we work with follow their security obligations.
  • We encourage clients to follow security practices and take charge of their data.

Looking For GDPR Assistance?

“Data protection is the need of the hour. It is our joint responsibility to respond to the legal obligations to prevent misuse of data.”

If you want to know about our GDPR-compliant data, you can reach us anytime via email at [email protected] or call us at 1-888-664-9690.


*For any further query about GDPR compliance, visit the EU's official website for first-hand and more accurate information.