Improvement of the Applicability of the General Data Protection Regulation in Health Clinics

Abstract

The General Data Protection Regulation (full name: Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive) entered into force on May 25 2018, but was approved on April 27 2016. The General Data Protection Regulation (GDPR) aims to ensure the coherence of natural persons’ protection within the European Union (EU), comprising very important innovative rules that will be applied across the EU and will directly affect every Member State. The GDPR considers a ‘special category of personal data’, which includes data regarding health, since this is sensitive data and is therefore subject to special conditions regarding treatment and access by third parties. This premise provides the focus of this research work, where the applicability of the GDPR in health clinics in Portugal is analysed. Such analysis is based on a study by [1], who presents the results of a survey regarding the GDPR applicability in health clinics six months before its enforcement. This work aims to present the evolution of the regulation applicability six months after its enforcement. The results are discussed in light of the data collected from a survey and possible future works are identified.