In June 2018, the CNIL, Commission Nationale Informatique & Libertes, published guidelines for the protection of personal data in the health sector. In particular, the French Data Protection Authority (DPA) provides professionals in the health sector with tips to comply with the EU Privacy Regulation 2016/679, GDPR:
- limit the information collected to what is necessary for the treatment of patients;
- keep a record of treatments;
- delete patient data after the maximum retention period (20 years);
- take appropriate security measures;
- provide information to patients on the treatment of data.
The CNIL also circulated a model of information and record of treatment.
Guide Pratique Sur La Protection Des Données Personnelles is available (in French) at https://www.cnil.fr…
For more information, Francesca Giannoni-Crystal and Federica Romanelli
Follow us on& Like us on