Now it is becoming serious: from May 25, 2018 onward, compliance with the EU General Data Protection Regulation (EU GDPR) is compulsory.
Implementation of and compliance with the GDPR can be audited by EU data protection authorities and courts. Fundamentally, the GDPR imposes strict requirements with regard to the security of data processing. Similar to our own German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), this Regulation calls for the implementation of appropriate technical and organizational measures to protect the data being processed, and it requires that these measures be kept in line with the current state of the art. The obligation that is significantly strengthened in comparison to the BDSG is the requirement to be able to prove at any time that a public authority is complying with the data protection measures. Under the GDPR, unlike under the BDSG, non-compliance with the relevant data protection measures can also incur a fine, and these fines can be hefty. Until now, the maximum fine was 300,000 euros. In future, the fine can be up to 4% of the prior year's annual global turnover. It is unclear which cases will actually be punished with such a harsh fine, but healthcare facilities should prepare themselves for large fines. For more information, visit: gdpr-info.eu