With the General Data Protection Regulation (GDPR) resulting in a rise in enforcement incidents, it is prudent for organizations operating in the health and life sciences industries across the United Kingdom, European Union (EU) and other European Economic Area (EEA) nations to assess their responsibilities regarding the gathering and handling of health data.

Major Points:

- “Data concerning health” is a wide term; it doesn’t just apply to medical records.
- Policies and processing records should accurately capture all health data, including inference data.
- Most EEA countries, and the United Kingdom, have national laws that supplement GDPR.
- Consent is not the only legal basis for collecting, storing and using health data; there are other options available, but be aware that “insufficient legal basis for data processing” is a common type of GDPR violation.
- If used, health data consents must be granular, specific and transparent, and they must break down all the...