Redirigiendo al acceso original de articulo en 17 segundos...
Inicio  /  Future Internet  /  Vol: 13 Par: 3 (2021)  /  Artículo
ARTÍCULO
TITULO

Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations

Dimitra Georgiou and Costas Lambrinoudakis    

Resumen

The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results, for the protection of the patients? health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. To this respect, the Privacy Impact Assessment, Commission Nationale de l?Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization?s GDPR compliance level and of the gaps (Gap Analysis) that must be filled-in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing, according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.

 Artículos similares

       
 
Meng Li, Jiqiang Liu and Yeping Yang    
Data governance is an extremely important protection and management measure throughout the entire life cycle of data. However, there are still data governance issues, such as data security risks, data privacy breaches, and difficulties in data management... ver más
Revista: Future Internet

 
Lijun Zu, Wenyu Qi, Hongyi Li, Xiaohua Men, Zhihui Lu, Jiawei Ye and Liang Zhang    
The digital transformation of banks has led to a paradigm shift, promoting the open sharing of data and services with third-party providers through APIs, SDKs, and other technological means. While data sharing brings personalized, convenient, and enriche... ver más
Revista: Future Internet

 
Mosaad Ali Hussein Ali, Farag M. Mewafy, Wei Qian, Ajibola Richard Faruwa, Ali Shebl, Saleh Dabaa and Hussein A. Saleem    
The effective detection and monitoring of mining tailings? leachates (MTLs) plays a pivotal role in environmental protection and remediation efforts. Electrical resistivity tomography (ERT) is a non-invasive technique widely employed for mapping subsurfa... ver más
Revista: Water

 
Ze Liu, Jingzhao Zhou, Xiaoyang Yang, Zechuan Zhao and Yang Lv    
Water resource modeling is an important means of studying the distribution, change, utilization, and management of water resources. By establishing various models, water resources can be quantitatively described and predicted, providing a scientific basi... ver más
Revista: Water

 
Jakob Benisch, Björn Helm, Xin Chang and Peter Krebs    
The European Union Water Framework Directive (2000/60/EC; WFD) aims to achieve a good ecological and chemical status of all bodies of surface water by 2027. The development of integrated guidance on surface water chemical monitoring (e.g., WFD Guidance D... ver más
Revista: Water