Read our Latest Expert Industry Insights

By storing data locally on a user's device, you have fewer administrative obligations compared to when you transfer and process data in the cloud. However, you still need to provide methods to delete data in case of device theft or loss.

Under GDPR, anonymous data is not treated as personal data, therefore no user consent and no particular protection is required. However, it is very difficult to ensure that the data is truly anonymous.

This brief post summarizes some of the key points relevant to Digital Health companies.

The typical ticked boxes in subscription forms are no more enough: in four months from now every company will have to ensure that the consents on processing of sensitive data.

As a digital health application developer, you need to keep this new right into consideration.

Il Garante ha preso le distanze da entità o aziende che hanno offerto finora certificazioni alle imprese, per due motivi (come si può anche vedere nello schema soprastante).

Certification bodies and Italy's DPA can then issue certifications. However, these need to follow some "certification criteria" (as demanded in art. 42(5) GDPR) which must be as well identified by the Garante.

During 2016 data breaches techniques and attempts changed dramatically on a worldwide scale, and the healthcare sector was one of the most targeted fields.

One of the many new concepts introduced by the GDPR - the EU General Data Protection Regulation - is the Data Protection Impact Assessment (DPIA), regulated at art. 35. The DPIA can be defined as a process designed to.