May 17, 2020

Top areas of healthcare impacted by GDPR

Health regulations
Health regulations
Helen Goldthorpe, Associate So...
5 min
Health trends and predictions
1. Can you outline your top 3 areas of healthcare that will be impacted by GDPR?

“Almost everyone will see some impact from GDPR.Rather than focussin...

1. Can you outline your top 3 areas of healthcare that will be impacted by GDPR?

“Almost everyone will see some impact from GDPR.Rather than focussing on types of healthcare, I have chosen three types of data to emphasise how wide-ranging it will be and that it is something which every organisation will need to consider.First is obviously patient data.This can be sensitive information about health, and it is important that it is handled appropriately.Second is employee data – even businesses who aren’t consumer facing are likely to handle sensitive information about their employees, such as sickness records.Employees also expect their financial information to be held securely.Finally, there is data about other contacts – including business contacts, such as suppliers.A lot of people ignore this when thinking about personal data and, although there tends to be a more flexible approach to how this is used due to the lower expectation of privacy, there are still data protection implications to consider.”

2. Does GDPR have the potential to really transform customer relationships and start to do things properly in terms of personalisation and being proactive with customers?

“A lot of people talk about consent and choice when they talk about GDPR. It’s important to remember that consent is only one of the reasons you can use to legitimise processing data, but it’s definitely important.Where you are able to, give choices and act on them. It can empower the customer and make them feel like they have a say in how their data is used.Giving customers control can help to shape relationships in a positive way.

Some of the new data subject rights also help customers feel in control – for example, they have stronger rights to stop how their data is to be used if they change their mind about consent. Of course, choice isn’t always appropriate and, in some situations, you can use data without consent, in the same way as under the current law.But you can still build the customer relationship by being clear about what you use data for and why you do it. The GDPR has much stronger transparency obligations.Demonstrating that you have thought about how you use data and have put appropriate protection in place can definitely help, even where the customer has no choice.”

3. Will a set of Europe-wide data rights change patient attitudes towards sharing their personal data?

“Patients can be reluctant to share their data if they are unclear how it will be used and who will have access to it.A lack of transparency can make people suspicious and too many organisations have historically hidden things away in small print, leading to distrust.There have also been concerns around security.Being transparent by providing clear, understandable and relevant information can help to build a more open, trusting relationship.It is also useful to demonstrate that you have robust security and governance in place as these have historically been concerns about data sharing arrangements.”

See also

4. Will the internal changes healthcare organisations need to make to comply with GDPR lead to them becoming better at the collection and analysis of their data?

“Preparing for GDPR involves having a good look at what data you collect and why you use it.  This is likely to identify things you can do better – for example if you give appropriate information and obtain necessary consents when the data is collected this can enable you to use the data more widely at a later stage.  It can also help identify data which you don’t actually use and no longer need to store, or where you hold multiple overlapping datasets which would be more powerful if they were combined into a single database.  It is increasingly important to look at data as an asset – an asset which you need to use in accordance with the law, but which can bring value to your organisation if you do so correctly.”

5. How will GDPR fit into the wider global delivery of healthcare services? A barrier or an advantage?

“There is a lot of scaremongering about GDPR but at its heart, GDPR is about using data responsibly with good information management and governance structures, and giving individuals choices where appropriate.  Doing this can definitely bring benefits to an organisation, and my view is that GDPR shouldn’t be seen just as compliance red tape and an additional burden, but as a framework for using data responsibly.”

6. Can technology help healthcare organisations meet their responsibilities under GDPR?

“Technology is definitely part of the solution and there are an increasing number of products on the market which will help with GDPR compliance, but it’s important to remember that GDPR is not just a technology issue.  There is a lot of work to do around governance, checking there is a legal basis for processing, and putting appropriate contracts in place with third parties who have access to data and training.  None of this can be done by technology alone.  Getting GDPR compliance right involves a cultural change throughout an organisation to give data about individuals the respect it deserves. Relying too much on technology can detract from the human element which you also need to get right.”

Helen Goldthorpe is an associate solicitor at leading law firm Shulmans LLP. She has particular expertise in data protection, commercial contracts, intellectual property and technology.

Share article

Jul 27, 2021

On the rise:

2 min
On the rise:
We take a look at the rise of, Sweden’s most popular provider of digital healthcare

1. launches as a digital healthcare platform in Sweden in 2016. The company's focus is on the B2B market, with a mission to help members find, book and get access to healthcare services through telehealth and telephone calls. 

2. The company offers healthcare services through its app as well as at bricks and mortar clinics. After raising more than €40 million in a funding round in May 2020 to expand its operations both nationally and overseas, CEO and founder Martin Lindman says there are plans to enter new markets at the beginning of 2021. 

3. Belgium becomes the fifth  market where provides telemedicine, through Belgium's communications company Proximus Group. It becomes the second most downloaded doctor app in Europe, and over 1.2 million patient consultations are carried out, either through the app or at physical clinics in Sweden. Throughout 2020 it administers over 250,000 COVID-19 antibody tests in Sweden. 

4. is the most popular digital healthcare in Sweden, used by approximately one-tenth of the country's population. New funds are raised to offer improved services for mental health and chronic illnesses, and to expand digital services and acquire physical services to integrate into its digital platforms with the aim of creating a hybrid model. 

5. The company announces €29.5 million in funding from Chinese technology multinational Tencent Holdings. say the funds will be used to make its global healthcare services more efficient, accessible and affordable. 

The platform now employs nurses, doctors and specialist doctors, psychologists, and physiotherapists, and is available across Europe and in Brazil.  

6. Over 1.5 million people are currently using healthcare apps developed by, either run by the company or through its SaaS licensing business. There are around 900 people employed by the company, and say that the productivity of medical staff using the platform is up to four times greater than those working in traditional services. 

Share article