What is GDPR
The General Data Protection Regulation (GDPR) is the world's most comprehensive set of data protection rules.
The GDPR applies to anyone who works with personal data in their business or operations. EU citizens will thus regain control of their personal data.
The regulation targets companies, institutions and individuals who process personal data - of employees, customers, clients or suppliers - across all segments and industries. It also affects those who track or analyze user behavior on the web or through apps or smart technologies. The aim of the GDPR is to protect the digital rights of EU citizens.
The GDPR applies uniformly across the EU from May 25, 2018. In the Czech Republic it replaces the previous personal data protection legislation based on Directive 95/46/EC and required the repeal of the original Act No. 101/2000 Coll., on Personal Data Protection. The current Act No. 110/2019 Coll., on the Processing of Personal Data, clarifies some areas and sub-issues needed to complete the framework of personal data protection at national level. For some aspects the General Regulation even foresees national arrangements, such as the age of 15 for a child's eligibility, aspects of personal data processing for freedom of expression and the right to information, and freedom of scientific research and artistic creation.
In particular, because the new rules were adopted in the form of a European regulation, they are uniform in all EU countries, so national governments and legislators cannot bend or adapt them to local interests or lobbyists in any way.
The complete text of the GDPR in Czech translation, under the title "General Data Protection Regulation", can be found here.
GDPR in health care
Healthcare workers come into contact with a wealth of personal information every day. The objective of the GDPR is to protect as many natural persons as possible; their personal information (including health information) must be strictly protected against breaches of its security, that is, against accidental destruction, loss or alteration, and against unauthorized provision or disclosure.
In health care, particular care must be taken in processing the personal data of patients, their family members and employees, and above all of those who are vulnerable (children) and those who are unable to provide their personal data themselves.
Sensitive data processed in health care are subject to stricter conditions than ordinary personal data; these types of data are:
- health data (such as data relating to the physical and mental health of the individual, including data on the provision of health services that reflect his or her health status);
- genetic data (data relating to the inherited or acquired genetic traits of the natural person);
- biometric data (e.g., facial images or dactyloscopic data).
In particular, the processing of these special categories of data requires that:
- processing is necessary for the purpose of providing health services;
- processing is necessary for reasons of significant public interest in the area of public health; or
- the data subject (e.g. the patient) gives explicit consent to their processing for one or more specified purposes.
Consent to the processing of personal data in health care
If processing is not carried out on a legal or contractual basis or on the basis of a legitimate interest, the data subject (e.g. the patient) must consent to it. According to the Regulation, consent is "a free, specific, informed and unambiguous expression of will by which the data subject declares or otherwise manifestly confirms his or her consent to the processing of personal data".