Assign topic to the user
Answer: There is no restriction for hospitals to send patient data to a third party if the hospital has proper privacy notice to inform the patients of such data and if there are binding legal arrangements in place to ensure that the recipients of data comply with the requirement of Article 28 of the EU GDPR.
2. Does the GDPR restrict hospitals in any way from having the third party conduct computations on the encrypted data in order to anonymize and erase the data?
Answer: Hospitals as data controllers can instruct the third processors to anonymize the data and strip it form any attributes that can be linked to a data subject.
3. Does the GDPR restrict hospitals in any way from subsequently using the fully anonymized data for purposes without direct consent, i.e. even commercial purposes?
Answer: If the data is fully anonymized then it is no longer personal data and the GDPR is not applicable. If you want to find out more about the EU GDPR, check out this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).
Comment as guest or Sign in
Feb 26, 2019