





























Data privacy serves first and foremost to protect patients, and getting it wrong can cost digital health companies and their partners in life sciences dearly. Organisations that mishandle patient data can pay a steep price – not just in terms of hefty fines, but also potentially irreparable harm to their reputation. In the EU last year alone, the biggest fines for violations of the General Data Protection Regulation (GDPR) added up to €821.54 million, including Meta paying €405 million for processing the personal data of child users on its Instagram platform. Alarmingly, healthcare breaches have proven to be the costliest, averaging over $10 million per breach in 2022, with mega breaches involving over a million records carrying an average cost of $400 million. Companies that deal with digital patient records cannot afford to be cavalier about privacy.
During this interactive session, Elena Ames (Data Privacy Officer at BrightInsight) will illustrate how to ensure privacy and data protection are entwined in the earliest product design stages to avoid these costly and damaging breaches. The session will cover:
Understanding Key Privacy Laws. How to stay abreast of evolving regulations, including the General Data Protection Regulation (GDPR), HIPAA and HITECH, and state consumer privacy laws (focused on California, Colorado, and Virginia).
Implementing Privacy by Design. How to ensure that privacy is part of the design of the entire business line by default.
Building a Culture of Compliance. How to promote an organisational culture centred around data privacy and compliance. How to evaluate the compliance level of potential partners.