MDR, GDPR Compliance

MDR and GDPR: Building compliant eHealth applications

The MDR is going to impact many eHealth developers. MDR also implies a need for GDPR. In this blog, we look at how compliance will affect your delivery timeline.

Why does MDR matter?

The MDR (medical device regulation) will affect many developers of eHealth applications. Software is explicitly covered and can even receive the highest risk rating (Class III). This means you need to understand how to become compliant. We discuss this in more detail in our new MDR eBook.

Download our eBook on building MDR compliant applications

Download now

How hard is MDR compliance?

Building applications that comply with all relevant regulations (MDR, GDPR, etc.) is tough. Mandatory requirements include legal, security, quality and classical technical tasks. Most eHealth application developers don't have all the relevant knowledge. And this effort may seem like a distraction from value-add activities, i.e. designing your product, understanding customers, marketing, revenues and investments. However, if you don't get MDR certification, you won't be able to distribute or sell your application in the EEA.

How does MDR affect my timeline?

There is no simple answer to this. It depends on how complex your application is. However, as a rule of thumb, creating the necessary infrastructure, developing the technical measures, etc. for GDPR will take round 9-12 months of effort. If you are new to the field, this could easily double. If everything goes well, MDR compliance will add at least 6 months of QMS setup and documentation. So, overall you could easily be looking at over 1-2 years of development effort.

In the graph below, we show how your choice of cloud provider can significantly affect your project delivery.

How does Chino.io help?

Chino.io provides you with all the necessary  technology modules to create GDPR and MDR compliant applications. Our API is quick and simple to integrate. As a result, you

How Chino.io speeds up delivery of your project

Option 1. Implement all GDPR technical measures yourself. These include pseudonymization, encryption and consent tracking. It can easily take 6+ months to get these right.
Option 2. Integrating the Chino.io API. Our API solves the GDPR technical measures. This means you save on both design and development. Our ISO 13485 certification also saves time with the MDR certification process. Overall, most projects will save 6-9 months development time.

Author image

About Toby Moncaster

Toby is a seasoned technical author who loves data security & networks. He spent a decade in R&D, project and product management. He received a computer science PhD from Cambridge and lives in Berlin.
  • Berlin