Compatibility of a Security Policy for a Cloud-Based Healthcare System with the EU General Data Protection Regulation (GDPR)

Information ◽  
2020 ◽  
Vol 11 (12) ◽  
pp. 586
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis

Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR and, at the same time, we present how a cloud-based security policy could be modified in order to be compliant with the GDPR, as well as how cloud environments can assist developers to build secure and GDPR compliant cloud-based healthcare systems. The major concept of this paper is dual-purpose; primarily, to facilitate cloud providers in comprehending the framework of the new GDPR and secondly, to identify security measures and security policy rules, for the protection of sensitive data in a cloud-based healthcare system, following our risk-based security policy methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.

Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis

Currently, there are several challenges that Cloud-based health-care systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the General Data Protection Regulation and, at the same time, we present how the Cloud-based Security Policy methodology proposed in [1] could be modified in order to be compliant with the GDPR and how Cloud environments can assist developers to build secure and GDPR compliant Cloud-based health systems. The major concept of this paper is, primarily, to facilitate Cloud Providers in comprehending the framework of the new General Data Protection Regulation and, secondly, to identify security measures and security policy rules for the protection of sensitive data in a Cloud-based Health System, following our risk-based Security Policy Methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.


2018 ◽  
Author(s):  
Duarte Gonçalves-Ferreira ◽  
Mariana Sousa ◽  
Gustavo M Bacelar-Silva ◽  
Samuel Frade ◽  
Luís Filipe Antunes ◽  
...  

BACKGROUND Concerns about privacy and personal data protection resulted in reforms of the existing legislation in the European Union (EU). The General Data Protection Regulation (GDPR) aims to reform the existing directive on the topic of personal data protection of EU citizens with a strong emphasis on more control of the citizens over their data and in the establishment of rules for the processing of personal data. OpenEHR is a standard that embodies many principles of interoperable and secure software for electronic health records (EHRs) and has been advocated as the best approach for the development of hospital information systems. OBJECTIVE This study aimed to understand to what extent the openEHR standard can help in the compliance of EHR systems to the GDPR requirements. METHODS A list of requirements for an EHR to support GDPR compliance and also a list of the openEHR design principles were made. The requirements were categorized and compared with the principles by experts on openEHR and GDPR. RESULTS A total of 50 GDPR requirements and 8 openEHR design principles were identified. The openEHR principles conformed to 30% (15/50) of GDPR requirements. All the openEHR principles were aligned with GDPR requirements. CONCLUSIONS This study showed that the openEHR principles conform well to GDPR, underlining the common wisdom that truly realizing security and privacy requires it to be built in from the start. By using an openEHR-based EHR, the institutions are closer to becoming compliant with GDPR while safeguarding the medical data.


Author(s):  
Alexander Gurkov

Abstract. This chapter considers the legal framework of data protection in Russia. The adoption of the Yarovaya laws, data localization requirement, and enactment of sovereign Runet regulations allowing for isolation of the internet in Russia paint a grim representation of state control over data flows in Russia. Upon closer examination, it can be seen that the development of data protection in Russia follows many of the steps taken at the EU level, although some EU measures violated fundamental rights and were invalidated. Specific rules in this sphere in Russia are similar to the European General Data Protection Regulation. This chapter shows the special role of Roskomnadzor in forming data protection regulations by construing vaguely defined rules of legislation.


2019 ◽  
pp. 565-594
Author(s):  
Andrew Murray

This chapter examines data protection, digitization of data, its implications for personal privacy, and the regulation of data industries. It begins by discussing the current law found in the General Data Protection Regulation and the Data Protection Act 2018. It examines the key concepts of data controllers, data processors, and data subjects, and discusses the conditions for the processing of personal data. This includes an examination of key cases such as Nowak v Data Protection Commissioner and Bodil Lindqvist. It looks at the geographical scope of the GDPR and the extraterritorial effect of the Regulation, and examines the domestic purposes exemption after Ryneš.


2018 ◽  
Vol 27 ◽  
Author(s):  
Rocco Panetta ◽  
Federico Sartore

This paper is aimed to understand the state of the art and the resulting consequences of the legal framework in Europe with regard to the protection of children's data, especially when they interact with networked and robotic toys, as in the 'My friend Cayla' case. In order to evaluate the practical implications of the use of IoT devices by children or teenage users, the first part of the paper presents an analysis of the international guiding principles of the protection of minors, a category which enjoys a higher level of protection of their fundamental rights, due to their condition of lack of physical and psychological maturity. Secondly, the focus is moved upon the protection of personal data of children. Only after confronting previous data protection legal instruments and having compared them with the novelties set forth in the General Data Protection Regulation, it is reasonable to assume that new provisions such as the "privacy by design" principle, adequacy of security measures and codes of conduct can support data controllers in ensuring compliance (in line with the accountability principle) in the field of IoT toys. In conclusion, the paper supports a view of Data Protection Authorities as a relevant player in enhancing these renovated tools in order to achieve the protection of children's rights, so as to ensure their substantial protection against the threats of the interconnected world.


Author(s):  
Bernardo D. OLIVARES OLIVARES

ABSTRACT: The General Data Protection Regulation requires that personal data must be processed lawfully, fairly and in a transparent manner. Precisely, this last principle is of special relevance during the collection, use, and transfer of citizens' data in the public sphere. This paper critically addresses the analysis of one of its projections: the duty to inform. To do this, we examine its legal framework, paying particular attention to the various problems arising from its exemptions, which will allow the data controller to be exempt from his or her obligation. We have identified different problems that would need to be solved by the development of new regulations and by the implementation of appropriate measures in order to protect the legitimate interests of the data subjects. It is mandatory to provide a minimum degree of transparency during the processing to allow citizens to control the use of their data after exchanges of information with other EU administrations.


2019 ◽  
Vol 5 (2) ◽  
pp. 34-42
Author(s):  
Maria De Almeida Alves

This paper will address the interplay between the Directive on certain aspects concerning contracts for the supply of digital content and digital services and the current EU data protection framework, namely the General Data Protection Regulation. Although the Directive has the aim of protecting consumers, has it gone too far and made a crack in the EU data protection legal framework? Can personal data be treated as a commodity, or is its scope as a counter-performance subject to a particular interpretation? I shall analyze these questions in light of the European Data Protection Supervisor's Opinion 4/2017 and the European Data Protection Board's Guidelines 2/2019.


2021 ◽  
Vol 11 (2) ◽  
pp. 3-24
Author(s):  
Jozef Andraško ◽  
Matúš Mesarčík

Abstract. The article focuses on the intersections of the regulation of electronic identification as provided in the eIDAS Regulation and data protection rules in the European Union. The first part of the article is devoted to the explanation of the basic notions and framework related to electronic identity in the European Union, the eIDAS Regulation. The second part of the article discusses specific intersections of the eIDAS Regulation with the General Data Protection Regulation (GDPR), specifically scope, the general data protection clause and mainly personal data processing in the context of mutual recognition of electronic identification means. The article aims to discuss the overlapping issues of the regulation of the GDPR and the eIDAS Regulation and provides a further guide for the interpretation and implementation of the outcomes in practice.


Author(s):  
Teodora Lalova ◽  
Anastassia Negrouk ◽  
Laurent Dollé ◽  
Sofie Bekaert ◽  
Annelies Debucquoy ◽  
...  

Abstract. This contribution aims to present in a clear and concise manner the intricate legal framework for biobank research in Belgium. In Part 1, we describe the Belgian biobank infrastructure, with a focus on the concept of biobank. In Part 2, we provide an overview of the applicable legal framework, namely the Act of 19 December 2008 on Human Body Material (HBM), and its amendments. Attention is given to an essential piece of self-regulation, namely the Compendium on biobanks issued by the Federal Agency on Medicine Products and Health (FAMPH). Furthermore, we delineate the interplay with relevant data protection rules. Part 3 is dedicated to the main research oversight bodies in the field of biobanking. In Part 4, we provide several examples of the 'law in context'. In particular, we discuss issues pertaining to presumed consent, processing of personal data associated with HBM, and information provided to the donor of HBM. Finally, Parts 5 and 6 address the impact of the EU General Data Protection Regulation (GDPR), suggest lines for further research, and outline the future possibilities for biobanking in Belgium.


2020 ◽  
Vol 28 (1) ◽  
pp. 1-19
Author(s):  
Deva Prasad M ◽  
Suchithra Menon C

Abstract. This article analyses the relevance of the Personal Data Protection Bill, 2018 for developing a data protection legal framework in India. In this regard, the article attempts to analyse the evolution process of comprehensive personal data protection law in the Indian context. The manner in which the Personal Data Protection Bill, 2018 will revamp and strengthen the existing data protection regulatory framework forms the major edifice of this article. The article also dwells on the significant role played by the fundamental right to privacy judgment (Justice K.S. Puttaswamy v Union of India) of the Supreme Court of India, thus preparing the regulatory ground for the evolution of the Personal Data Protection Bill, 2018. The influence of the European Union General Data Protection Regulation in shaping the Indian legal framework is highlighted. The article also discusses pertinent legal concerns that could question the effectiveness of the proposed data protection legal framework in the Indian context.

