Struggling with a provider that doesn’t offer a Data Processing Agreement (DPA)? Learn how to stay GDPR compliant by drafting your own DPA or switching to a compliant provider.
Being fresh from DMEA this month, I still see a concerning problem for EU digital health companies: hospitals and clinics are (still) reluctant to adopt cloud solutions.
When it comes to GDPR, the biggest misconception is that compliance is a one-off project and that once you have checked all the boxes, you don’t have to worry about it anymore.
Not taking into account the importance of protecting your users’ privacy and their personal data may damage your brand reputation and put you out of business. We saw companies lose deals in B2B, and B2C startups lose partnerships and reimbursement agreements.
Since July 10th, you can once again use US service providers like AWS, Google Cloud, and Azure without any trouble (or additional safeguards).
This is thanks to the new Adequacy Decision approved by the EU Commission for the United States.
In this blog article, we will go through this topic from the POV of a digital health startup and try to give you a better understanding of when you should ask for consent and why.
Italy’s data protection authority has ordered OpenAI to stop processing people’s data locally with immediate effect. The Italian DPA claims that ChatGPT is breaching the GDPR due to unlawful data processing.
Many digital health companies, afraid of the costs and timeline of a proper GDPR implementation, opt for a strategy of storing personal and sensitive data on the devices themselves, hoping to circumvent the regulation.