National and regional bodies

In Western health and social care there is an almost universal drive to provide integrated service delivery across organisational boundaries. These new ways of working present significant challenges for people and systems, not least data sharing and linkage.

Payers and providers

Health and social care provision is typically separated between those that buy the services (payers) and those that provide the services (providers). Depending on a country's funding model, these may vary in their relationship, for example between state-funded, as in the UK, and insurance-funded, as in Australia.

Medical technologies

Holding the CE mark is rarely an indicator compliance with GDPR for medical device manufacturers. The Medical Device Regulation is expressly linked to the General Data Protection Regulation through MDR article 110. There are also references in the section on Clinical Investigation (article 72). We have found very view test houses that check for compliance with these requirements or who understand the complexity of GDPR.

Kaleidoscope works with medical technology manufacturers and designers to implement the requirements of GDPR is their designs from the outset. This includes both the technical design of the product - GDPR requires Privacy by Design and Privacy by Default - as well as in the routes to different markets, which can change the role of the manufacturer from processor to controller or visa versa.

Life sciences

There is an overlapping relationship between the European General Data Protection Regulation (GDPR), the Clinical Trial Regulation (CTR) and the Medical Device Regulation .

A European Regulation is law in every Member State immediately and normally enforceable two years after official publication. Member States exercise the facility within a Regulation (derogation) to adapt the Regulation to reflect national cultural and legal difference. Whereas a Directive must be implemented through Member State legislation before it becomes law. This approach results in a greater variety between Member States than for a Regulation, although GDPR has some significant differences between European states.

Knowledge of the differences between Member State legislation is vital when mapped to CTR and MDR, and most European Member States have special conditions that apply specifically to processing patient data for these purposes.