App Regulation: GDPR

As a developer, staying up to date with the latest app regulations and standards is essential.

In this blog post, we highlight the importance of the General Data Protection Regulation (GDPR). Brought into effect in May 2018, GDPR is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK.

As set out by the Information Commissioner’s Office (ICO), all businesses and organisations operating within the EU must comply with GDPR. If your app controls and/or processes personal information, you are accountable for the handling of this personal data and sensitive personal data. As such, GDPR requirements include: the need to be transparent about how personal data is processed; data must be adequate, relevant, accurate and kept up-to-date; data must not be kept for longer than is necessary, and must be processed such that there is appropriate security of the personal data.

In the GDPR, ‘personal data’ is defined as ‘any information relating to an identified or identifiable natural person (‘data subject’)’, ie. ‘one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.’

Under the GDPR, you must appoint a Data Protection Officer (DPO) if your core activities include large scale processing of special categories of data, which includes information relating to an individual’s health. The GDPR defines ‘data concerning health’ as ‘personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.’

To access the full GDPR regulations, please click here.

For FAQs specific to small health sector bodies, read this information on the ICO’s website.