Let Us Take the Weight Off Your Shoulders

At the moment we cover GDPR and HIPAA, since ChecksMATE was born to solve the nightmare of data protection regulations in the healthcare space. We are working on adding more standards to the platform natively, but with these basis and our expert team, we help companies comply with several other standards, such as ISO27001, NHS DTAC, DiGA requirements (including BSI200), PECAN requirements and much more!

ChecksME provides easy-to-use templates to help you create and manage your Records of Processing Activities (RoPA), ensuring you stay compliant with GDPR.

The tool is free to use up to 50 questions per months, if you need more you can subscribe to the paid version.

The legal framework's definition of an AI system aims to be as technology-neutral and future-proof as possible, considering the fast technological and market developments related to AI. A machine-based system designed to operate with varying levels of autonomy that may exhibit adaptiveness after deployment and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments. So, an AI system is basically any machine-based setup that can work on its own to some degree. It can adapt after it’s been launched, and it figures out how to produce outputs like predictions, content, recommendations, or decisions based on the data it gets. These outputs can then impact both the digital and physical world.

Under GDPR, the data protection officer (DPO) can be thought of as the champion of data subject rights. That is, she is the person upholding the privacy rights of the end users of your application. The GDPR makes it very clear what a DPO must do: (1) Inform the company and their staff what their duties are under GDPR and related regulations. (2) Monitor their compliance with GDPR, including assigning responsibilities and ensuring staff are appropriately trained (3) Providing advice relating to the data protection impact assessment (DPIA) and ensuring the company complies with it. (4) Cooperate with the supervising data protection authority.

SARs (Subject Access Requests) allow individuals to access personal data an organization holds about them. DSRs (Data Subject Requests) cover broader rights, like data rectification or deletion.

Like any AI, the tool may make mistakes. However, you can consult the source of the answer for a better understanding of the AI's response. When necessary, you can ask one of our consultants to review the answer and provide a report to you.

ChecksMATE was the tool we developed internally to help companies manage compliance such as startups, SMEs and corporates. ChecksMATE was created by a startup by working with startups, and startups are most of our customers. Along the way we figured out that enterprises ended up needing pretty much the same tools, since product departments try to work as startups too, so everyone is welcome to use ChecksMATE to comply with data protection laws easier and faster.

Provider: who develops any AI system and sells it or makes it available under their name or brand, whether for money or for free.

There are various reasons why you may need a DPO. The GDPR sets out three main ones: (1) If you are a public authority (or by implication, if you are acting on their behalf). (2) If you are conducting systematic monitoring on a large scale. This usually means CCTV surveillance, but also covers other cases. (3) If you are processing a lot of sensitive data.

ChecksMATE is included in the price of our Compliance Partner & DPO services.

Yes, ChecksME offers tools to manage data breaches, SARs, DSRs, and other compliance tasks, making day-to-day GDPR management simple. ChecksME can streamline compliance with SARs, DSRs, and data breaches, ensuring quick, accurate responses while reducing legal risks for your organisation.

The AI is trained on GDRP, HIPAA, DVG-BSI, and AI-ACT. We are updating the knowledgebase daily to improve the assistant daily.

Deployer: who uses an AI system within their organisation, except when the AI system is used for personal, non-professional activities.

A DPO can help identifying and solving a wide range of topics, such as: (1) Assessing whether your providers are compliant. Under GDPR, you need to make sure all your providers and contractors are themselves compliant with GDPR. (2) Responding to data subject rights requests. One of the most important things a DPO can do is help you respond to requests regarding the rights of data subjects. (3) Maintaining your GDPR documentation. There are a number of key documents relating to GDPR and some of these are mandatory (e.g. privacy policy or records of processing activities) and some are only needed in some cases (e.g. DPIA).

Certainly not! We aimed to make the platform as self-explanatory as possible. We know though that data protection is complex, and it’s pretty much impossible to keep all the legalese away. In particular when making tough decisions (data controller or data processor? How to describe the purpose of my data processing activities?) So when you feel lost or you’re uncertain about what is the right answer to these questions, you can just reach out to your team and get them all sorted out by an expert!

GDPR is a European regulation designed to protect personal data. For startups in digital health dealing with sensitive information, compliance is crucial to avoid fines and protect user trust.

Many existing AI solutions used in healthcare are integrated into medical devices regulated under the MDR. Most of them will qualify as high-risk AI systems under the AI Act. 👉​ What does this mean? Digital Health companies must ensure compliance with both MDR and the corresponding requirements of the AI Act. It will apply to any DTx, Decision Support Systems, and any other software as a Medical Device that uses AI.

There are also a couple of other reasons for appointing a DPO. For instance: (1) Because you are working with an organisation that asks you to appoint one. Typical examples are digital health startup conducting clinical trials with a hospital or Clinical Research Organisation. (2) If you are a B2B company processing a lot of data on behalf of large companies. Then they may ask you to have a DPO to help protect them and their reputation.

Of course, while we offer the option of becoming your DPO ourselves, you can also use the platform as a DPO yourself, and even get the support of our team when getting tough questions.

Being “labelled” as a High-Risk AI System means that you have requirements to fulfil to be able to sell your AI. Such as: Risk Management System, Data Governance, Technical Documentation, Record-Keeping, Transparency and Information for Deployers, Human Oversight, Accuracy, Robustness, and Cybersecurity.

There are various strict requirements about who can act as your DPO. For a start, they must be an expert in data privacy law. That means knowing GDPR inside-out. Then there’s the requirement to be independent. That means they can’t have an executive role in the company. Otherwise, they wouldn’t be acting on behalf of the data subjects. Thirdly, the DPO must be in a position to provide advice whenever needed. Importantly, the GDPR does allow you to outsource your DPO role. That’s particularly helpful for startups who typically struggle to find someone internally that matches the requirements above.

Indeed!

Yes, the team is available to write the documentation for you whenever required. The more you progress providing input in the platform, the more cost effective these services will be!

Currently the platform is in English, and we are working on our German and Italian versions - our experts speak multiple languages, if you are in need of any in particular feel free to ask!