Impact of GDPR (DSGVO) on Smart Medication™ Electronic Patient Diary

Background: May, 25^th 2018 the GDPR (english: General Data Protection Regulation, german DSGVO: Datenschutz-Grundverordnung) was coming into effect throughout the European Community. It is shown how the new regulation impacts the smart medication™ platform in respect of data processing of personal health information.

Method: The newly introduced GDPR was applied to the smart medication™ platform. The new law does not only emphasise on extensive protection of personal data (privacy by design) but also and for the first time includes information security (security by design) as a mandatory part within the regulation. IT security so far was not mandatory part in the preceding national law of the Bundesdatenschutzgesetze (BDSG).

Results: The following key issues of GDPR were applied to the smart medication™ platform:

• lawful basis for processing personal health information

• measures for responsibility and accountability

• data protection by design and by default

• use of pseudonymisation whenever possible

• right of access for patients

• right to erasure if requested by patients

• records of processing activities

• assignment of dedicated Data Protection Officer (DPO)

In particular privacy by design, privacy by default as well as pseudonymisation were established in smart medication™ right from the beginning when the platform was established in 2012.

Conclusion: GDPR emphasizes on privacy by design and privacy by default as well as security by design. When processing personal health information these issues (beside all others) are important quality criteria for medical software like smart medication™.

No conflict of interest has been declared by the author(s).