
Jovan Stevovic
Dr Jovan Stevovic is an entrepreneur, startup advisor and expert in health data protection and security. He is passionate about helping digital health innovation happen faster.

Data Protection 101: Buy platform, hire consultant, hire someone?
Digital health entrepreneurs face hard choices early on. They have to develop a compelling product and take it to market. But they are also operating in a highly regulated space, so they need to focus at least some attention on data privacy and security. In this market these aren’t a “nice to have”; they’re often a requirement to be able to launch, close your first deal or even do clinical studies.

Who is the Data Controller? Who is the Data Processor? Working with hospitals’ dilemma
When developing an app, especially when doing a pilot with hospitals, one of the most important questions you’ll encounter is: who is the Data Controller, and who is the Data Processor?

"We found a security vulnerability on your website": how should you respond?
Cybersecurity threats are an ever-present reality. If you’ve received an email from a so-called “security researcher” claiming to have found a vulnerability on your website, you’re not alone.

Cookie banners vs GDPR consent: a case study in fragmented regulation across the EU
Millions of people in Europe assume that cookie banners and consent popups are both part of GDPR. However, the reality is more complex.

Strava Heatmaps: When anonymous data isn’t so anonymous
Data privacy is a complex challenge for everyone—users, companies, and even governments. That’s the case with Strava’s heat maps, which resurfaced recently after Le Monde reported that the app inadvertently exposed sensitive information about world leaders.

Do you need an ISO 27001 in Digital Health?
There have always been many doubts and misunderstandings about ISO certifications. In recent years we have often been asked questions about ISO 27001 like: Do I really need it? The answer, as with many things in business, is not straightforward.

What should you do when your provider doesn’t have a data processing agreement (DPA) to offer?
Struggling with a provider that doesn’t offer a Data Processing Agreement (DPA)? Learn how to stay GDPR compliant by drafting your own DPA or switching to a compliant provider.

AI Act - All you need to know
The EU Council gave the groundbreaking AI Act—the world's first comprehensive set of rules for AI—the final green light. In this blog post, we will explore the different categorisations of AI systems according to the AI Act's final text.

Why are DPOs from hospitals so scared of the cloud in 2024?
Being fresh from DMEA this month, I still see a concerning problem for EU digital health companies: hospitals and clinics are (still) reluctant to adopt cloud solutions.