Over 90 Total Lots Up For Auction at One Location - WA 04/08

Are U.S. healthcare companies ready for GDPR?

June 08, 2018
By Greg Sparrow

The General Data Protection Regulation (GDPR) is a European Union-based regulation that requires businesses to protect the personal data and the privacy of any European Union (EU) natural persons when transactions occur within EU states.

Data protected under the GDPR includes identifiable information (names, addresses, dates of births), web-based data, health and genetic data, as well as biometric data. These bylaws were officially enforceable as of May 25, 2018 and apply to all businesses interacting with and performing marketing tasks to EU data subjects. The GDPR is based on the precedent that private information always is, or should be, private and that individuals have rights surrounding that data. The exact words, according to the GDPR, are that “data protection is a fundamental right.”

Despite a two-year grace window that healthcare industry companies were allotted to prepare for GDPR compliance, a recent survey study titled “GDPR Readiness Survey” shows that very few are 100 percent compliant. The survey found that only 29 percent of the participants were actually aware of the GDPR, 44 percent said they were somewhat aware, and 29 percent said they were completely unaware. The survey also found that only 24 percent of businesses felt that they were prepared for the GDPR, and 31 percent felt they were somewhat prepared. This is compared to the 36 percent of businesses that said they did not feel prepared, and another 9 percent that said they were unsure. These numbers seem to be alarming, simply due to the fact that one infraction can cost a noncompliant business millions in revenue. It can be assumed that companies who are not fully aware or fully prepared face enormous risk when working with any customers who may be based in the EU.

Furthermore, the GDPR Readiness survey also found that 45.6 percent of businesses reported that they have not become compliant because they are waiting to see what enforcement comes from the regulation. However, as more companies see initial fines, this number will likely drop. The GDPR notes that, under certain circumstances , it is a requirement for companies practicing business in the EU to hire a Data Protection Officer (DPO) to ensure compliance with the regulation. The DPO serves to be responsible for informing and advising organizations of their obligations under the regulation, monitoring compliance with the regulation, responding to requests from data subjects, and cooperating with the supervisory authorities, including reporting breaches that result in risk to those affected within 72 hours as required by the GDPR. When a DPO is required, appointing someone to this position will be just a small aspect of what those 45.6 percent of businesses will need to accomplish to become compliant with the requirements under the GDPR.

You Must Be Logged In To Post A Comment