Impact of the European General Data Protection Regulation (GDPR) on Health Data Management in a European Union Candidate Country: A Case Study of Serbia (Preprint)

General Data ◽

The Eu

UNSTRUCTURED As of May 2018, all relevant institutions within member countries of the European Economic Area are required to comply with the European General Data Protection Regulation (GDPR) or face significant fines. This regulation has also had a notable effect on the European Union (EU) candidate countries, which are undergoing the process of harmonizing their legislature with the EU as part of the accession process. The Republic of Serbia is an example of such a candidate country, and its 2018 Personal Data Protection Act mirrors the majority of provisions in the GDPR. This paper presents the impact of the GDPR on health data management and Serbia’s capability to conduct international health data research projects. Data protection incidents reported in Serbia are explored to identify common underlying causes using a novel taxonomy of contributing factors across aspects and health system levels. The GDPR has an extraterritorial application for the non-EU data controllers who process the data of EU citizens and residents, which mainly affects private practices used by medical tourists from the EU, public health care institutions frequented by foreigners, as well as expatriates, dual citizens, tourists, and other visitors. Serbia generally does not have well-established procedures to support international research collaborations around its health data. For smaller projects, contractual arrangements can be made with health data providers and their ethics committees. Even then, organizations that have not previously participated in similar ventures may require approval or support from health authorities. Extensive studies that involve multisite data typically require the support of central health system institutions and relevant research data aggregators or electronic health record vendors. The lack of a framework for preparation, anonymization, and assurance of privacy preservation forces researchers to rely heavily on local expertise and support. Given the current limitation and potential issues with the legislation, it remains to be seen whether the move toward the GDPR will be beneficial for the Serbian health system, medical research, protection of personal data and privacy rights, and research capacity. Although significant progress has been made so far, a strategic approach is needed at the national level to address insufficient resources in the area of data protection and develop the personal data protection environment further. This will also require a targeted educational effort among health workers and decision makers, aiming to improve awareness and develop skills and knowledge necessary for the workforce.

Impact of the European General Data Protection Regulation (GDPR) on Health Data Management in a European Union Candidate Country: A Case Study of Serbia

JMIR Medical Informatics ◽

10.2196/14604 ◽

2020 ◽

Vol 8 (4) ◽

pp. e14604 ◽

Cited By ~ 1

Author(s):

Branko Marovic ◽

Vasa Curcin

Keyword(s):

European Union ◽

Health System ◽

Data Protection ◽

Personal Data ◽

Health Data ◽

Candidate Country ◽

General Data ◽

The Eu

As of May 2018, all relevant institutions within member countries of the European Economic Area are required to comply with the European General Data Protection Regulation (GDPR) or face significant fines. This regulation has also had a notable effect on the European Union (EU) candidate countries, which are undergoing the process of harmonizing their legislature with the EU as part of the accession process. The Republic of Serbia is an example of such a candidate country, and its 2018 Personal Data Protection Act mirrors the majority of provisions in the GDPR. This paper presents the impact of the GDPR on health data management and Serbia’s capability to conduct international health data research projects. Data protection incidents reported in Serbia are explored to identify common underlying causes using a novel taxonomy of contributing factors across aspects and health system levels. The GDPR has an extraterritorial application for the non-EU data controllers who process the data of EU citizens and residents, which mainly affects private practices used by medical tourists from the EU, public health care institutions frequented by foreigners, as well as expatriates, dual citizens, tourists, and other visitors. Serbia generally does not have well-established procedures to support international research collaborations around its health data. For smaller projects, contractual arrangements can be made with health data providers and their ethics committees. Even then, organizations that have not previously participated in similar ventures may require approval or support from health authorities. Extensive studies that involve multisite data typically require the support of central health system institutions and relevant research data aggregators or electronic health record vendors. The lack of a framework for preparation, anonymization, and assurance of privacy preservation forces researchers to rely heavily on local expertise and support. Given the current limitation and potential issues with the legislation, it remains to be seen whether the move toward the GDPR will be beneficial for the Serbian health system, medical research, protection of personal data and privacy rights, and research capacity. Although significant progress has been made so far, a strategic approach is needed at the national level to address insufficient resources in the area of data protection and develop the personal data protection environment further. This will also require a targeted educational effort among health workers and decision makers, aiming to improve awareness and develop skills and knowledge necessary for the workforce.

Data Sharing Under the General Data Protection Regulation

Hypertension ◽

10.1161/hypertensionaha.120.16340 ◽

2021 ◽

Vol 77 (4) ◽

pp. 1029-1035

Author(s):

Antonia Vlahou ◽

Dara Hallinan ◽

Rolf Apweiler ◽

Angel Argiles ◽

Joachim Beige ◽

...

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Research Approach ◽

The European Union ◽

Protection Legislation ◽

General Data ◽

Almost All

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

GDPR implementation as the main reason for the regional fragmentation in the online mediasphere

E3S Web of Conferences ◽

10.1051/e3sconf/202127308099 ◽

2021 ◽

Vol 273 ◽

pp. 08099

Author(s):

Mikhail Smolenskiy ◽

Nikolay Levshin

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Main Role ◽

The European Union ◽

Protection Measures ◽

The Usa ◽

General Data

The EU’s General Data Protection Regulation (GDPR) applies not only to the territory of the European Union, but also to all information systems containing data of EU’s citizens around the world. Misusing or carelessly handling personal data bring fines of up to 20 million euros or 4% of the annual turnover of the offending company. This article analyzes the main trends in the global implementation of the GDPR. Authors considered and analyzed results of personal data protection measures in nineteen regions: The USA, Canada, China, France, Germany, India, Kazakhstan, Nigeria, Russia, South Korea and Thailand, as well as the European Union and a handful of other. This allowed identifying a direct pattern between the global tightening of EU’s citizens personal data protection and the fragmentation of the global mediasphere into separate national segments. As a result of the study, the authors conclude that GDPR has finally slowed down the globalization of the online mediasphere, playing a main role in its regional fragmentation.

SCOPE AND NATURE OF CHANGES IN PERSONAL DATA PROTECTION SYSTEMS OF PUBLIC INSTITUTIONS IN THE LIGHT OF THE PROVISIONS OF THE GDPR (GENERAL DATA PROTECTION REGULATION)

Kultura Bezpieczeństwa Nauka – Praktyka - Refleksje ◽

10.5604/01.3001.0012.8602 ◽

2018 ◽

Vol 31 (31) ◽

pp. 169-186

Author(s):

Marek Mazur

Keyword(s):

Data Protection ◽

Personal Data ◽

Public Institutions ◽

Data Systems ◽

Minimum Standards ◽

Protection Systems ◽

General Data ◽

The Eu

The EU GDPR Regulation introduced rules and regulations on the protection of individuals with regard to the processing of their personal data regardless of their citizenship or place of residence. The article focuses on issues related directly to the regulation on the protection of personal data and related to documents that regulate the protection of personal data and their processing in public institutions in Poland. The author presents basic estimates about the entry of the GDPR Regulation, indicates the importance of individual Dobies/organisations and entities playing a key role in the protection of personal data on the territory of Poland. It describes the documents that establish minimum standards for personal data protection systems to be developed in public institutions to guarantee security. In this article, the author attempted to indicate the scope and nature of changes in personal data systems in the light of the provisions of the GDPR Regulation.

Personal Data Security in South Africa’s Financial Services Market: The Protection of Personal Information Act 4 of 2013 and the European Union General Data Protection Regulation Compared

Potchefstroom Electronic Law Journal/Potchefstroomse Elektroniese Regsblad ◽

10.17159/1727-3781/2021/v24i0a10727 ◽

2021 ◽

Vol 24 ◽

pp. 1-32

Author(s):

Tapiwa V Warikandwa

Keyword(s):

European Union ◽

Data Protection ◽

Financial Services ◽

Personal Information ◽

Personal Data ◽

African Countries ◽

General Data ◽

Laws And Regulations

The contemporary global financial services market has witnessed a substantial increase in cybercrime which places consumers’ personal data at risk. Rapid increases in cybercrime linked to the financial services market have driven financial market regulators to pass novel laws and regulations aimed at curbing the rate of occurrence of cybercrimes connected to personal data sharing. To that end, banks and/or financial services companies in Europe have swiftly moved to comply with the European Union’s General Data Protection Regulation. Whilst personal data protection regulation is not a new concept in Europe, most African countries (with exception of South Africa) do not have laws and regulations on personal data protection. With the financial services market being extremely vulnerable to cyber risks owing to the digitisation of the financial services sector, it is important to assess the suitability of South Africa’s current regulatory framework concerning the protection of personal data. This article thus examines South Africa’s Protection of Personal Information Act 4 of 2013 with a view to ascertaining its suitability and/or adequacy in protecting personal data in the country’s financial services market. With the global Covid-19 pandemic bringing about concerns related to rapid increases in cyber-attacks in the financial services market owing to the increased sharing of the sensitive personal data of consumers, there is also need to test the POPIA’s conformity with the strict European Union GDPR personal data protection guidelines.

Data Protection in the EU and its Implications on Software Development outside the EU

Journal of Institute of Science and Technology ◽

10.3126/jist.v24i1.24620 ◽

2019 ◽

Vol 24 (1) ◽

pp. 1-5

Author(s):

Ralf Kneuper

Keyword(s):

European Union ◽

Software Development ◽

Data Protection ◽

Personal Data ◽

Software Requirements ◽

The European Union ◽

It Systems ◽

General Data ◽

The Eu

In May 2018, the General Data Protection Regulation (GDPR 2016) came into effect in the European Union (EU), defining requirements on how to handle personal data of EU citizens. This report discusses the effects of this regulation on software development organisations outside the EU, and summaries the software requirements that result from GDPR and therefore apply to most information technology (IT) systems that will handle data of individuals based in the EU.

The Analysis of Risks to Personal Data Security

Security Dimensions ◽

10.5604/01.3001.0014.5614 ◽

2020 ◽

Vol 34 (34) ◽

pp. 256-267

Author(s):

Sylwia Kosznik-Biernacka

Keyword(s):

Risk Analysis ◽

Data Protection ◽

Personal Data ◽

Careful Analysis ◽

Analysis And Evaluation ◽

Analysis Methodology ◽

General Data ◽

The Eu

Article 32 of the EU General Data Protection Regulation imposes the obligation to implement appropriate safeguards to protect personal data. It states that the application of adequate measures is to be preceded by a risk analysis and evaluation. In the current paper, as the main risk factors, probability and consequences were assumed that take into account the basic attributes of information, i.e. confidentiality, integrity and availability. Next, a risk analysis methodology based on the risk matrix is proposed. The issue discussed in the publication is currently valid and still requires careful analysis in order to develop universal standards aimed at establishing certification mechanisms as well as quality labels and markings in terms of personal data protection.

General data protection regulation: revisão sistemática de literatura sobre a regulação de proteção de dados pessoais na União Europeia / General data protection regulation: systematic literature review on the regulation of personal data protection in the European Union

Brazilian Journal of Development ◽

10.34117/bjdv7n12-589 ◽

2021 ◽

Vol 7 (12) ◽

pp. 118967-118985

Author(s):

Eloy Pereira Lemos Junior ◽

Helton Junio Da Silva ◽

Henrique Rodrigues Lelis

Keyword(s):

European Union ◽

Literature Review ◽

Systematic Literature Review ◽

Data Protection ◽

Personal Data ◽

The European Union ◽

General Data

ALGORITHM OF USER’S PERSONAL DATA PROTECTION AGAINST DATA LEAKS IN WINDOWS 10 OS

Informatyka Automatyka Pomiary w Gospodarce i Ochronie Środowiska ◽

10.5604/01.3001.0013.0905 ◽

2019 ◽

Vol 9 (1) ◽

pp. 41-44

Author(s):

Olexander Zadereyko ◽

Olena Trofymenko ◽

Nataliia Loginova

Keyword(s):

European Union ◽

Operating Systems ◽

Data Protection ◽

Computer Systems ◽

Personal Data ◽

The European Union ◽

Processing Data ◽

General Data

In the European Union, in the first half of 2018, the General Data Protection Regulation came into force, which established the new rules for processing users’ personal data for IT companies. The operating systems (OS) are the dominant software that is responsible for collecting and processing data in computer systems. The most common OS is the Windows OS family. The authors identified Windows 10 operating systems, that collect and accumulate user's personal data; developed and tested practically an algorithm, the application of which localizes and blocks the transfer of user's personal data to official servers of the Microsoft company.

Regulatory Challenges of Data Mining Practices: The Case of the Never-ending Lifecycles of ‘Health Data’

European Journal of Health Law ◽

10.1163/15718093-12520368 ◽

2018 ◽

Vol 25 (3) ◽

pp. 284-307

Author(s):

Giovanni Comandè ◽

Giulia Schneider

Keyword(s):

Data Mining ◽

Data Protection ◽

Personal Data ◽

Health Data ◽

General Level ◽

The Face ◽

General Data ◽

Level Of Analysis

Abstract Health data are the most special of the ‘special categories’ of data under Art. 9 of the General Data Protection Regulation (GDPR). The same Art. 9 GDPR prohibits, with broad exceptions, the processing of ‘data concerning health’. Our thesis is that, through data mining technologies, health data have progressively undergone a process of distancing from the healthcare sphere as far as the generation, the processing and the uses are concerned. The case study aims thus to test the endurance of the ‘special category’ of health data in the face of data mining technologies and the never-ending lifecycles of health data they feed. At a more general level of analysis, the case of health data shows that data mining techniques challenge core data protection notions, such as the distinction between sensitive and non-sensitive personal data, requiring a shift in terms of systemic perspectives that the GDPR only partly addresses.