The Medical Device Regulation does not address the processing of personal data, and compliance with that Regulation does not provide assurance that the processing is lawful. The EU’s General Data Protection Regulation (GDPR) applies and must be complied with in all respects, regardless of whether a device holds a CE mark.

The scope of GDPR extends far beyond data security alone. Kaleidoscope have worked with a variety of medical technology developers, supporting them with GDPR compliance and with access to the UK’s NHS market.

Our services frequently include:

  • External DPO service
  • EEA representation
  • Data Protection Impact Assessment (DPIA)
  • Data Security and Protection Toolkit (DSPT)
  • Consent preferences