GDPR: New European regulations involving new rights and obligations
From 25 May 2018, the General Data Protection Regulation (GDPR) replaces the current 1995 Directive. The text aims to harmonize the 28 existing national laws, to prevent companies from taking advantage of local loopholes, from one country to another, to escape the rules.
All companies, regardless of their size, European and non-European, will have to comply with new legal rules for the collection, processing, preservation and security of personal data collected from the 500 million European residents.
When GDPR applies, this means for companies that:
• They can prove that they have put in place the processes necessary to bring them into compliance
• The processing of personal data is clearly mapped
• There is a specific internal organization process (appointment of a Data Protection Officer, training / awareness of the teams)
• They acquire software tools that complement them in fulfilling their obligations
In general, the information collected on individuals must be lawful in view of the purpose of the processing envisaged. Comments should not be inappropriate, subjective or insulting.
Special attention must be paid to the so-called “sensitive” data referred to in Article 9 of the GDPR, a category which includes health data. Patients need to know what their data will be used for, how long it will be kept, whether it will leave the European Union and whether it will be shared with third parties.
Companies will need to obtain the consent of users to use their data. The user must give an informed agreement for the collection and exploitation of his data. The text also strengthens the right of users to access, correct and delete their data.
In the event of non-compliance, infringing companies may be fined up to 20 million euros or 4% of their annual turnover, whichever is the higher. However, before reaching this point, the authorities will be able to use a whole range of measures to encourage companies to comply. The control of companies will be carried out by a series of national and regional regulatory authorities in the 28 Member States.
AMedSU offers its customers “iRejuvenation”, a GDPR-compliant software solution for monitoring, reporting and traceability of facial rejuvenation operations.
AMedSU only collects and processes the data needed to manage the customer relationship. Users of the cloud solution “AMedSU Network” can at any time contact the AMedSU DPO to request communication, modification or deletion of their personal data. All personal data is deleted three months after the subscription has been stopped.
Having anticipated the entry into force of GDPR, AMedSU has built the “Health Data Consent” directly into iRejuvenation to inform patients of their rights, thus helping its clients to become GDPR compliant. The cloud solution “AMedSU Network” is secure: the data is encrypted and stored in a GDPR/HIPAA-compliant manner, and only the professional can access the data of his patients.