Nixon Law Group

View Original

An overview of General Data Protection Regulation (GDPR), HIPAA, and what you need to do next

General Data Protection Regulation (GDPR) preparedness should be a priority and we will review the steps you need to take to make sure you’re in compliance. Though the GDPR comes from the European Union, businesses everywhere should apply GDPR principles in practice.

Last year, Nixon Law Group Attorney Katherine Bain, wrote an overview of GDPR and reviewed all you need to know. Read that article here to review why US companies should take the time to comply, a GDPR 101 (what it is and how it affects your practice/company), and an important list of what you can do right now to start your compliance.

Nixon Law Group attorneys have also written at length about HIPAA. See a list of those articles here.

The following graphics are courtesy of Ipswitch, Inc. Nixon Law Group does not endorse the content, company or products.

As Katherine explains in her “What do I need to know about GDPR?” there are some steps to take now to start compliance.

  1. Appoint a data protection officer;

  2. Know your data and obtain “explicit consent”;

  3. Execute complaint contracts;

  4. Revise your Privacy Policy, notices, and related agreements;

  5. Revise your Security Policy and Procedures; and

  6. Prepare for more stringent data breach requirements

But to do that it’s important to understand the goal of GDPR and the principles it is founded on. The goal is clearly to protect the rights of individuals and ensure they are central to collection/processing of personal data (of EU individuals).

The infographic below reviews the seven principles of GDPR.

Guard against accidental compliance breaches by working with one of our experienced healthcare attorneys