Expert Advice Community

Guest

Medical data and GDPR

  Quote
Guest
Guest user Created:   Feb 26, 2019 Last commented:   Feb 26, 2019

Medical data and GDPR

1. Does the GDPR restrict hospitals in any way from encrypting and sending their patient data to a third party?
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Andrei Hanganu Feb 26, 2019

Answer: There is no restriction for hospitals to send patient data to a third party if the hospital has proper privacy notice to inform the patients of such data and if there are binding legal arrangements in place to ensure that the recipients of data comply with the requirement of Article 28 of the EU GDPR.

2. Does the GDPR restrict hospitals in any way from having the third party conduct computations on the encrypted data in order to anonymize and erase the data?

Answer: Hospitals as data controllers can instruct the third processors to anonymize the data and strip it form any attributes that can be linked to a data subject.

3. Does the GDPR restrict hospitals in any way from subsequently using the fully anonymized data for purposes without direct consent, i.e. even commercial purposes?

Answer: If the data is fully anonymized then it is no longer personal data and the GDPR is not applicable. If you want to find out more about the EU GDPR, check out this EU GDPR Foundations Course (https://advisera.com/training/eu-gdpr-foundations-course//).

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 26, 2019

Feb 26, 2019

Suggested Topics

Guest user Created:   Jul 23, 2018 EU GDPR
Replies: 1
0 0

Vital interests and public interest

Guest user Created:   Feb 13, 2018 EU GDPR
Replies: 1
0 0

EU GDPR obligations

Guest user Created:   Jun 09, 2022 EU GDPR
Replies: 1
0 0

GDPR Questions