General Data Protection Regulation

The EU GDPR is a data privacy regulation which will fundamentally reshape the way in which data is handled across every sector, from healthcare to banking and beyond. Stronger rules on data protection mean people have more control over their personal data and businesses benefit from a level playing field.

It doesn’t apply to the processing of personal data of deceased persons or of legal persons.

Know who the parties are:
  • Data subject
    (Ex: Patient)
  • Controller
    (Ex: Hospitals, clinics, doctors, etc.)
  • Processor
    (Ex: 1st-level IT service provider)
  • Sub-processor
    (Ex: 2nd-level IT service provider)
Healthcare Core Functions
  • Handling personal data
  • Data protection impact assessment
  • Data transfers
  • Audits and logs
  • Accountability
  • Data breach notification
  • Remote support authorization
Do's
  • Capture required patient data only.
  • Anonymise, encrypt and pseudonymise all personal data.
  • Get the controller's consent by email before providing remote support.
  • Notify data breaches immediately to controllers or DPAs.
  • Consider HTTPS/OAuth/Basic authentication for data portability and secured communications.
  • Make sure sessions and cookies expire and are destroyed after logout.
  • Update cookie policies as per GDPR requirements.
  • Include the user accounts that accessed data in logs and audits.
  • Delete all patient data after the contractual period ends.
Don'ts
  • Leaving cookies undestroyed.
  • Writing personally identifiable information in logs.
  • Using unauthorized software to access remote machine(s).
  • Leaving stored personal data on remote machine(s).
  • Performing unintended tasks on remote machine(s).
  • Transferring patients' data for training or other purposes.
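Two of the points above, pseudonymising personal data and keeping personally identifiable information out of logs while still recording which user account accessed a record, can be combined in one small audit-logging layer. The code below is an added example written for this page, not EMD Systems' own code; it assumes a hypothetical patient-ID format ("P-" followed by six digits), a constructed pseudonymisation key, and constructed sample access events.

```python
"""Added example: keyed pseudonymisation of patient identifiers plus a
logging filter that redacts PII from audit log lines, while the accessing
user account is still recorded (assumed formats, constructed sample data)."""
import hashlib
import hmac
import logging
import re

# Constructed secret for the example only. In production the key comes from
# a key store and is rotated: whoever holds it can re-link the pseudonyms.
PSEUDONYM_KEY = b"example-key-do-not-use-in-production"

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Hypothetical patient-ID format assumed by this example: "P-" plus 6 digits.
PATIENT_ID_RE = re.compile(r"\bP-\d{6}\b")


def pseudonymise(patient_id: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Deterministic keyed pseudonym (HMAC-SHA256, truncated to 16 hex chars).

    The same patient ID always maps to the same token, so records can be
    linked across systems, but the token cannot be reversed without the key.
    """
    digest = hmac.new(key, patient_id.encode("utf-8"), hashlib.sha256).hexdigest()
    return "pid_" + digest[:16]


def redact(text: str) -> str:
    """Replace e-mail addresses and raw patient IDs before text reaches a log."""
    text = EMAIL_RE.sub("[email-redacted]", text)
    return PATIENT_ID_RE.sub(lambda m: pseudonymise(m.group(0)), text)


class PiiRedactingFilter(logging.Filter):
    """Logger-level filter: rewrites the formatted message so that no handler
    (file, syslog, SIEM forwarder) ever sees the unredacted text."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # message is already fully formatted
        return True


class ListHandler(logging.Handler):
    """Collects formatted log lines in memory so the example runs offline."""

    def __init__(self) -> None:
        super().__init__()
        self.lines: list[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def log_access(logger: logging.Logger, user_account: str, patient_id: str, note: str) -> None:
    """Audit entry: which account touched which record, and why."""
    logger.info("user=%s accessed record %s note=%s", user_account, patient_id, note)


def demo() -> list[str]:
    """Run two constructed access events through the audit logger and return
    the lines a handler would have written."""
    handler = ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger("audit")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers.clear()
    logger.filters.clear()
    logger.addFilter(PiiRedactingFilter())
    logger.addHandler(handler)

    # Constructed sample events: a clinician note containing an e-mail address,
    # and a support engineer's remote session on the same record.
    log_access(logger, "dr.smith", "P-123456", "contacted patient at jane.doe@example.org")
    log_access(logger, "support01", "P-123456", "remote session for ticket 42")
    return handler.lines


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Both lines name the accessing account (so the audit trail stays useful) and carry the same pseudonym for the record (so an investigator can correlate accesses), while the raw patient ID and the e-mail address never reach the handler. Putting the filter on the logger rather than on one handler matters: a second handler added later, for example a SIEM forwarder, is covered automatically.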
Our Views


Krishna, Senior Project Manager
In the current cyber crime era, securing and managing patient data becomes very vital and challenging for any IT service provider... By adhering to the EU GDPR and implementing the solutions as per the Data Privacy Regulation, we were able to overcome the majority of the pain areas.
Mohan, Senior Business Analyst
We assure that patients' data are not misused by the developer community or support personnel. We have implemented the EU GDPR in all our applications... During design and development itself we mandated developers to include solutions to protect and secure patients' data. We have an expert team with very strong knowledge of the EU GDPR.
Sharmila Jagadeesan, Business Analyst
Digital transformation is powering many advances in health care, but it is also posing threats to the data privacy, security and confidentiality of patient data... In compliance with the EU General Data Protection Regulation, the web application is developed to optimize secure data management in health care. We are undertaking GDPR as a continuous process and our motive is to standardize the privacy aspect in the design stage itself so that by the end, the patient data is secured.


Want your existing or new web products to be GDPR compliant faster?

The EU GDPR is one of the most significant changes to how businesses collect, process and make use of an individual's personal data. The EU GDPR has been designed to protect and empower the data privacy of all individuals living in an EU member state.

Data covered by GDPR compliance

According to the GDPR, any information relating to an identified or identifiable living individual (a name, a photo, an email address, banking information, location details, or a computer IP address) is personal data.

The GDPR safeguards any information about a person that is commonly uploaded, stored or transferred online. GDPR enforcement is especially vital in the healthcare industry because patients' medical data, which is highly sensitive personal data, is now collected and processed online.

Know if your organization will be impacted

If your organization collects and processes personal data of EU citizens, on its own behalf or on behalf of another organization, the GDPR applies.

Whether your organization operates inside or outside the EU, if it processes and manages data of EU citizens, the GDPR also applies.

It is very significant for your organization to abide by the GDPR in order to safeguard itself from the financial implications. An organization that fails to comply is liable to pay a fine of 20 million Euros or 4% of its total annual turnover (whichever is greater).

Why to Consult EMD Systems?

We at EMD Systems provide GDPR compliance services to organizations across all business sectors. Our GDPR consultants and analysts are committed to reshaping your organization's approach to data privacy and ensuring your business is aligned with the GDPR, without any operational disruption.

We at EMD Systems can help your organization achieve GDPR compliance for a newly developed website, app or product, or for your already established products.

EMD Systems' approach towards GDPR compliance:
Risk Assessment

Our consultant will review the existing or newly developed system and identify the areas that do not comply with the GDPR. They will identify opportunities or threats to the company in the data privacy managed by the business. Our consultants and analysts also evaluate whether these are sizable enough to warrant a change in strategy. If action is needed, our consultants build a plan for change: what needs to be accomplished and by when.

Build Plan for Change

On the basis of the assessment of business operations and the GDPR compliance checklist, our consultants will build a plan to achieve GDPR compliance for data privacy. At the same time they also ensure your business runs without any operational disruption.

Implementation

Some robust measures we apply to protect the data processed by your organization are:

  • Enhancing access controls through authorization and authentication.
  • Encrypting, anonymizing or deleting user data after careful technical assessment.
  • Performing data audits or assessments using data processing logs and executing the required corrections.
  • Creating provisions for data subjects' rights.
  • Enhancing security for user data.

The key rights of the "data subject" we keep in mind while executing GDPR compliance:

  • "Easier access to personal data:
    Individuals will have more information on how their data is processed and this information should be available in a clear and understandable way."
  • "A right to data portability:
    It will be easier to transfer your personal data between service providers."
  • "A clarified 'right to be forgotten':
    When you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted."
  • "The right to know when your data has been hacked:
    For example, companies and organizations must notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures."
Support

GDPR compliance is reflected in a fast response to a detected data breach. A major requirement of the GDPR is the ability to respond within 72 hours of becoming aware of a breach. It is crucial to create a data breach record within security operations. We help you do it right.

Do you want to discuss with our experts today? If your company stores or processes EU citizens' data and needs help from a technical perspective, reach us at info@emdsys.com and accelerate your compliance with the EU GDPR.

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 27 April 2016

On the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)



Key Articles

Articles 4, 5, 6, 9, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 28, 30, 32, 33, 34, 37, 45 and 46.
Reach us

EMD SYSTEMS SOFTWARE PRIVATE LIMITED
2nd FLOOR (NORTH WING), GAMMA BLOCK, SSPDL - “ALPHA CITY”, OMR, NAVALUR, CHENNAI - 603 103.

Ph: +91 - 044-4744 7787 | Email us: contactus@emdsys.com