MDR and GDPR: Building compliant eHealth applications

The MDR is going to impact many eHealth developers. MDR also implies a need for GDPR. In this blog, we look at how compliance will affect your delivery timeline.

Why does MDR matter?

The MDR (medical device regulation) will affect many developers of eHealth applications. Software is explicitly covered and can even receive the highest risk rating (Class III). This means you need to understand how to become compliant. We discuss this in more detail in our new MDR eBook.

How hard is MDR compliance?

Building applications that comply with all relevant regulations (MDR, GDPR, etc.) is tough. Mandatory requirements include legal, security, quality and classical technical tasks. Most eHealth application developers don't have all the relevant knowledge. And this effort may seem like a distraction from value-add activities, i.e. designing your product, understanding customers, marketing, revenues and investments. However, if you don't get MDR certification, you won't be able to distribute or sell your application in the EEA.

How does MDR affect my timeline?

There is no simple answer to this. It depends on how complex your application is. However, as a rule of thumb, creating the necessary infrastructure, developing the technical measures, etc. for GDPR will take around 9-12 months of effort. If you are new to the field, this could easily double. If everything goes well, MDR compliance will add at least 6 months of QMS setup and documentation. So, overall, you could easily be looking at over 1-2 years of development effort.

In the graph below, we show how your choice of cloud provider can significantly affect your project delivery.

How does help?

provides you with all the necessary technology modules to create GDPR and MDR compliant applications. Our API is quick and simple to integrate. As a result, you

How speeds up delivery of your project

Option 1. Implement all GDPR technical measures yourself. These include pseudonymization, encryption and consent tracking. It can easily take 6+ months to get these right.
Option 2. Integrate the API. Our API solves the GDPR technical measures. This means you save on both design and development. Our ISO 13485 certification also saves time with the MDR certification process. Overall, most projects will save 6-9 months of development time.

What next?

If you need more information, join us in September for a webinar on this topic. We will explain some of the tools and technologies that can speed up MDR and GDPR compliance. Our CEO, Dr. Jovan Stevovic, will be presenting alongside Matteo Gubellini, the Co-founder & VP of Regulatory Affairs/Chief Regulatory Officer at SoftComply.

MDR & GDPR: practical tips and tools for health innovators

Join us on 25 September at 16.30 CEST


About Toby Moncaster

Toby is a seasoned technical author with a love of data security & networking. He spent a decade in R&D, project and product management. He received his computer science PhD from Cambridge in 2018.
  • Berlin