Under GDPR, anonymous data is not treated as personal data, therefore no user consent and no particular protection is required. However, it is very difficult to ensure that the data is truly anonymous.

This brief post summarizes some of the key points relevant to Digital Health companies.

The typical ticked boxes in subscription forms are no more enough: in four months from now every company will have to ensure that the consents on processing of sensitive data.

Certification bodies and Italy's DPA can then issue certifications. However, these need to follow some "certification criteria" (as demanded in art. 42(5) GDPR) which must be as well identified by the Garante.

One of the many new concepts introduced by the GDPR - the EU General Data Protection Regulation - is the Data Protection Impact Assessment (DPIA), regulated at art. 35. The DPIA can be defined as a process designed to.

As a Digital Health Enterprise, one of your first concern should be how to protect the health sensitive data that you are collecting from your users and storing/managing in your service.

This article cover common questions about the new EU General Data Protection Regulation (GDPR) and how it impacts digital health developers.

As you may already know, the new GDPR (General Data Protection Regulation) will be effective from May 2018, introducing a new framework for everyone who processes EU citizens' personal data.

The EU General Data Protection Regulation (GDPR)], is a new legal instrument that harmonizes privacy rules for all European Union Member States.