14 April 2021
Categories
  • Healthcare Interoperability Category
Tags
  • Data Privacy
  • GDPR
What Is GDPR and Why Is It Important Today?

The General Data Protection Regulation, or GDPR, has been one of the most important topics in data protection in recent years. So what is GDPR and why is it so important today? In this article we set out in detail what you need to know about GDPR under these headings, starting with the definition of GDPR.


What is GDPR?

GDPR is seen as the world's strongest set of data protection rules: it enhances how people can access information held about them and places limits on what organisations can do with personal data. The regulation exists as a framework for laws across the continent and replaced the previous 1995 data protection directive. The GDPR's final form came about after more than four years of discussion and negotiation.

GDPR came into force on May 25, 2018. Countries within Europe were given the ability to make their own small changes to suit their own needs. The strength of GDPR has seen it lauded as a progressive approach to how people's personal data should be handled and comparisons have been made with the subsequent California Consumer Privacy Act.

Who Does GDPR Apply To?

At the heart of GDPR is personal data. Broadly this is information that allows a living person to be directly, or indirectly, identified from data that's available. This can be something obvious, such as a person's name, location data, or a clear online username, or it can be something that may be less instantly apparent: IP addresses and cookie identifiers can be considered as personal data.

Under GDPR there are also a few special categories of sensitive personal data that are given greater protection. These include information about racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic and biometric data, health information and data about a person's sex life or sexual orientation.

The crucial thing about what constitutes personal data is that it allows a person to be identified – pseudonymised data can still fall under the definition of personal data. Personal data is so important under GDPR because individuals, organisations, and companies that are either 'controllers' or 'processors' of it are covered by the law.

What Are GDPR's Principles?

At the core of GDPR are seven key principles, designed to guide how people's data can be handled. They don't act as hard rules but as an overarching framework that lays out the broad purposes of GDPR. The principles are largely the same as those that existed under previous data protection laws.

GDPR's seven principles are: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability. In reality only one of these principles, accountability, is new to data protection rules.

Data Minimisation

The data minimisation principle isn't new, but it continues to be important in an age when we are creating more information than ever. Organisations shouldn't collect more personal information than they need from their users. The principle is designed to ensure organisations don't overreach with the type of data they collect about people.

Integrity and Confidentiality

Over the 20 years the previous directive was in force, a series of best practices for protecting information emerged, and many of these have now been written into the text of GDPR. Personal data must be protected against unauthorised or unlawful processing, as well as accidental loss, destruction or damage.

GDPR doesn't say what good security practice looks like. However, proper access controls to information should be put in place, websites should be encrypted, and pseudonymisation is encouraged. If a data breach occurs, data protection regulators will look at a company's information security setup when determining any fines that may be issued.

Accountability

Accountability is the only new principle under GDPR. Accountability can mean documenting how personal data is handled and the steps taken to ensure that only people who need to access certain information are able to. Accountability can also include training staff in data protection measures and regularly evaluating data handling processes.

The destruction, loss, alteration, unauthorised disclosure of, or access to people's data has to be reported to a country's data protection regulator where it could have a detrimental impact on those who it is about. This can include, but isn't limited to, financial loss, confidentiality breaches, damage to reputation and more.

For companies that have more than 250 employees, there's a need to have documentation of why people's information is being collected and processed, descriptions of the information that's held, how long it's being kept for and descriptions of technical security measures in place. GDPR's Article 30 lays out that most organisations need to keep records of their data processing, how data is shared and also stored.

In addition, organisations that have regular and systematic monitoring of individuals at a large scale or process a lot of sensitive personal data have to employ a data protection officer. For many organisations covered by GDPR, this may mean having to hire a new member of staff.

GDPR Rights

While GDPR arguably places the biggest burden on data controllers and processors, the legislation is designed to protect the rights of individuals. As such there are eight rights laid out by GDPR, ranging from giving people easier access to the data companies hold about them to having that data deleted in some scenarios.

What Are GDPR Rights For Individuals?

GDPR rights for individuals are the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and also rights around automated decision making and profiling.

Access to Data

If you want to find out what a company or organisation knows about you, you need to make a Subject Access Request (SAR). You can't make a request for anyone else's information, although someone, such as a lawyer, can make a request on behalf of another person.

When a person makes a SAR they're legally entitled to be provided with a confirmation that an organisation is processing their personal data, a copy of this personal data, and any other supplementary information that's relevant to the request. A request must be answered within one month.

People have successfully used SARs to find out what information technology companies hold about them. SARs can be made either in writing or verbally, which means an organisation has to determine whether what has been asked for is classed as personal data under GDPR. A SAR doesn't have to say it is a SAR and can be made to any person in an organisation. As well as the information asked for, an organisation has to provide details of why it was processing the personal information, how the information is being used, and how long it is due to be kept for.

Automated Processing and Data Portability

The GDPR also bolsters a person's rights around automated processing of data. The regulation also gives individuals the power to have their personal data erased in some circumstances: where it is no longer necessary for the purpose for which it was collected, where consent is withdrawn, where there is no legitimate interest, and where it was unlawfully processed.

Data portability means it should be possible to move your information from one service to another.

GDPR Breaches and Fines

One of the biggest, and most talked about, elements of the GDPR has been the ability of regulators to impose huge fines on businesses that don't comply. If an organisation doesn't process an individual's data in the correct way, it can be fined.

Source: https://bit.ly/3uGCif0
