General Data Protection Regulation (GDPR) Toolkit for Digital Health.

Abstract

The General Data Protection Regulation (GDPR) entered into force on May 25, 2018. Compliance with GDPR is especially relevant to the Digital Health (DH) domain, as it is common to process highly sensitive personal data regarding a person's health. However, GDPR compliance is a very challenging process since it requires implementing several technical and organizational measures to maintain compliance. With the aim to facilitate this process, we reviewed the published best practices in GDPR compliance. Then, we customized the findings to fit into the DH domain and created a toolkit for GDPR implementation and compliance. The Activity Planning Tool (APT) is provided as an example of how this toolkit could be utilized in new application development in mobile health in Austria. In the case of our APT, the toolkit was very helpful in integrating the GDPR technical requirements in addition to creating the corresponding compliance impact assessment, processing agreements, privacy policy, data flowcharts, and compliance checklists.