When developing an app, especially when doing a pilot with hospitals, one of the most important questions you’ll encounter is: who is the Data Controller, and who is the Data Processor?

Cybersecurity threats are an ever-present reality. If you’ve received an email from a so-called “security researcher” claiming to have found a vulnerability on your website, you’re not alone.

Millions of people in Europe assume that cookie banners and consent popups are both part of GDPR. However, the reality is more complex.

Data privacy is a complex challenge for everyone—users, companies, and even governments. That’s the case with Strava’s heat maps, which resurfaced recently after Le Monde reported that the app inadvertently exposed sensitive information about world leaders.

There have always been many doubts and misunderstandings about ISO certifications. In the last years we often get asked questions about ISO 27001 like: Do I really need it? The answer, as with many things in business, is not straightforward.

Struggling with a provider that doesn’t offer a Data Processing Agreement (DPA)? Learn how to stay GDPR compliant by drafting your own DPA or switching to a compliant provider.

The EU Council gave the groundbreaking AI Act—the world's first comprehensive set of rules for AI—the final green light.In this blog post, we will explore the different categorisations of AI systems according to the AI Act's final text.

Being fresh from DMEA this month, I still see a concerning problem for EU digital health companies: hospitals and clinics are (still) reluctant to adopt cloud solutions.

It seems that it is impossible to benefit from AI advantages while keeping patient data intact and safe. To overcome this, several AI companies have found the answer to many problems in synthetic data: data sharing, algorithm training, and collaboration with third parties.