Data Protection

Potentially sensitive data, such as that generated by wellbeing apps, is a "grey area” where the GDPR classification is open for interpretation.

If data is in any way identifiable or can be connected to the user (directly or indirectly), the data collection process cannot make the claim of being anonymous.

Last year saw around 40 global mHealth events and there are plenty more in 2019! What events in the digital health industry are worth attending? Plan this year’s events using our calendar.

Every **Digital Health App** processes **personal data** and most will also process health sensitive data. Processing such data requires you to be compliant with relevant data protection laws. How do you do that as a Digital Health Business? Here are the key things you have to consider.

Interview with Stefano Tranquillini, the CTO at Chino.io Stefano about his involvement in C3ISP, an EU Commission funded project, which aims at building a collaborative and confidential information sharing system for cybersecurity threats and attacks.

Under GDPR, anonymous data is not treated as personal data, therefore no user consent and no particular protection is required. However, it is very difficult to ensure that the data is truly anonymous.

This brief post summarizes some of the key points relevant to Digital Health companies.

The typical ticked boxes in subscription forms are no more enough: in four months from now every company will have to ensure that the consents on processing of sensitive data.

Certification bodies and Italy's DPA can then issue certifications. However, these need to follow some "certification criteria" (as demanded in art. 42(5) GDPR) which must be as well identified by the Garante.