The European Commission created the General Data Protection Regulation to unify regulatory standards relating to the use of digital data within the EU nations. GDPR comes into effect on 25th May, 2018. In general, it requires organizations handling personal data in EU to keep that data secure and it levies big penalties to organizations that fail to comply. With regard to healthcare organizations, they need to prove that they have adequate processes in place to manage and protect patients’, employees’ and partners’ personal data.
As a data processor, DataLife understands its obligation to help healthcare institutions comply with the new regulation. This is why we have thoroughly analyzed GDPR requirements and have put in place a dedicated internal team to drive our organization to meet them. Data privacy and data security are two sides of the same coin. We're streamlining the processes for our cloud applications by implementing IT policies and procedures that provide end-to-end security and perform frequent tests on the security measures.
Our goal is to preserve the patient’s, partner’s, employee’s privacy with regard to today’s monitoring and profiling possibilities. Encryption is a form of cryptography which has the effect of rendering data unintelligible to any person who is not authorised to access it. In our case, the system administrator holds a unique secret decryption key allowing him to access the information. This key is not readable or stored by us. In DataLife, we use proper and strong encryption algorithms ensuring that even if someone manages to access the information, he won’t be able to read or process it.
In parallel, we use the HTTPs protocols in order to prevent malicious attempts to intercept or read data, even in cases of compromised internet connection. HTTPS provides bidirectional encryption of communications between the browser running on the user’s device and the server running DataLife.
As with any new technology, it creates new risks and new opportunities. DataLife applies layers and system processes that characterize data protection in a distributed and highly dynamic data environment.