Just about everything has been said and written about GDPR, but do you really know what can and can’t be done? The GDPR has its own language and logic, but putting theory into practice is often not that straightforward.
A recent survey by the Data Protection Authority (GBA) in collaboration with the Free University of Brussels (VUB) showed that many organizations are having difficulties implementing the GDPR. More specifically, the topics of Data Privacy Impact Assessments (DPIA), the relationship between a data processor and a data controller, and the transparency principle often appear to be stumbling blocks.
These aspects are all the more complex in the hospital context. Hospitals, because of their specific activities and the processing of enormous amounts of sensitive data, have very specific needs, sensibilities and concerns regarding the protection of personal data. In addition, experience has taught us that, precisely because of these very particular circumstances, determining retention periods within a hospital context is also quite a challenge.