GDPR for Medical Devices

Medical devices, especially software, can involve storing and processing sensitive personal health data as defined in the General Data Protection Regulation (GDPR). Compliance with the regulation builds trust among customers and patients, supports controlled and efficient data processing, and helps to manage business-critical data protection risks.

Meeting the requirements of data protection regulation requires that the processes and information systems in which personal data are processed take the regulation into account. GDPR compliance is not achieved merely by producing a privacy statement, and gaps in data protection implementation are a risk to business continuity.

Practical considerations related to GDPR for medical devices are summarized in this training.

Topics of this session

  • Personal data – what is personal data?
  • Data protection principles
  • Legal basis of personal data collection
  • Planning and resources – critical tasks
  • Measures and reporting
  • Documentation
  • Perspectives (legal, process, technical)
  • Data protection risk management
  • Implementation challenges and solutions


Markus Vattulainen
Data Manager

Markus Vattulainen is a Data Manager in Labquality's CRO business. His responsibilities include designing clinical device research, modeling research data flows, server environments, data collection systems (ECRF), document management systems (TMF, ISF), programmatic controls for data quality, technical data security, and data protection for clinical research (GDPR).

Target group

All health tech developers, medical device manufacturers and stakeholders interested in gaining specific knowledge on how to apply the General Data Protection Regulation to medical devices. Special focus on start-up founders and staff, university innovator teams, as well as young health tech professionals and new employees.

After this session, you

  • Know the basic GDPR considerations for medical devices
  • Are aware of data protection principles
  • Understand the necessary documents needed to demonstrate compliance
  • Are aware of the GDPR risks and controls

Billing and cancellation policy

Read the billing and cancellation policy for online trainings here.

Participation in the training can be cancelled free of charge two weeks (14 days) before the event. For cancellations made after this, we will charge 50% of the participation fee; for cancellations made one week before the event, we will charge 100% of the participation fee.

Cancellations are always made in writing to:  
The participating organization may, if it wishes, change the participant free of charge by notifying it in writing before the event to: The participation fee will be invoiced immediately after the event. The training session will be confirmed to the participant by e-mail about a week before the event.  Labquality reserves the right to cancel the training session due to a small number of participants.
