We provide services and expertise in planning and carrying out compliance with the General Data Protection Regulation (GDPR).
General Data Protection Regulation Training
Medical devices, especially software, can involve storing and processing sensitive personal health data as defined in the General Data Protection Regulation (GDPR). Compliance with the regulation builds trust with customers and patients, supports controlled and efficient data processing and helps to manage business-critical data protection risks. Practical considerations related to GDPR for medical devices are summarized in this training.
General Data Protection Regulation Documentation
Under GDPR, controllers are responsible for demonstrating compliance. Our services include the design, writing and maintenance of Data Privacy Notices and Data Protection Impact Assessment (DPIA) documents and their supporting documentation, such as server environment descriptions (storage locations), data flow models (processing steps) and technical data security checklists.
General Data Protection Regulation Design
GDPR requires data protection to be implemented “by design” and “by default”. Our service covers defining a legal basis for personal data processing, data access control policies and practices, log data policies and practices, storage and archival policies and practices, data protection measures and reporting, data protection risk management, setting up responsibilities and tasks, specifying data protection processes (data breach notification, data subject rights process), a data protection monitoring plan, identifying data protection competences, training and collection of competence testing records, and identifying the data processing instructions needed. Key deliverable: Data Protection Plan.