Questions regarding GDPR
- Is the GDPR applicable to the clinic if we have EU customers?
- We ask for some information from possible patients, details about their health conditions and allergies. Are there any specific conditions to comply with?
- Do we need a DPO?
- Do we need to ask for consent before asking for the health data?
- We have a contract with a hotel where we keep the patients after the procedure. We send the names of the patients to the hotel. Do we need to do something?
- How much would it take to be compliant with GDPR?
1. Is the GDPR applicable to the clinic if we have EU customers?
If you are specifically targeting clients in the EU, then in relation to the processing activities of the health data, the EU GDPR would be applicable.
2. We ask for some information from possible patients, details about their health conditions and allergies. Are there any specific conditions to comply with?
If the health data is required strictly in relation to the medical procedure, then it should be OK to ask for this information. You need to specify in your Privacy Notice for what purpose you are asking for health data.
If you want to find out more about Privacy Notices check out this webinar "Privacy Notices under the EU GDPR" (https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/).
3. Do we need a DPO?
If your main activities imply the processing of health data of EU data subjects, you should consider hiring a DPO or contracting a third party that can provide such services.
4. Do we need to ask for consent before asking for the health data?
No, consent is not needed provided you ask for the health data in order to protect the vital interest of the patients.
5. We have a contract with a hotel where we keep the patients after the procedure. We send the names of the patients to the hotel. Do we need to do something?
This highly depends on your activity and the types and categories of personal data you are processing,
6. How much would it take to be compliant with GDPR?
You can get an idea of the duration by accessing this EU GDPR Compliance Calculator (https://advisera.com/eugdpracademy/eu-gdpr-compliance-duration-calculator/).
Oct 16, 2019