GDPR Compliance

When it comes to GDPR, the biggest misconception is that compliance is a one-off project and that once you have checked all the boxes, you don’t have to worry about it anymore.

Not taking into account the importance of protecting your users’ privacy and their personal data may damage your brand reputation and get you out of business. We saw companies lose deals in B2B and B2C startups lose partnerships and reimbursement agreements.

Since July 10th you can start again using US service providers like AWS, Google Cloud, and Azure, without any trouble (and additional safeguards). This is thanks to the new Adequacy Decision approved by the EU Commission for the United States.

In this blog article, we will go through this topic from the POV of a digital health startup and try to give you a better understanding of when you should ask for consent and why.

Italy’s data protection authority has ordered OpenAI to stop processing people’s data locally with immediate effect. The Italy DPA claims that ChatGPT is breaching the GDPR due to unlawful data processing.

Many digital health companies, afraid of the costs and timeline of a proper GDPR implementation, opt for a strategy to store personal and sensitive data inside the devices, hoping to circumvent the regulation.

After the invalidation of the previous adequacy decision on the EU-US Privacy Shield, the US is still considered TODAY a Third country without an Adequacy Decision according to GDPR.

What happens when a user puts personal data in a free text field even though we tell them not to? How do we deal with this case?

Although the tool can boost AI innovation, it is crucial to keep in mind that there are still some “grey areas” on the data protection and privacy side. We will focus our assessment on the GDPR.