Simplific'Action: The GDPR Explained

Regulations

08/07/2026

Everything Healthcare Innovators Need to Know About the General Data Protection Regulation (GDPR). 

What is the GDPR?

The General Data Protection Regulation (GDPR) is a European regulation that governs the processing of all personal data. It applies whenever data is processed that can directly or indirectly identify an individual. 

Questions to ask yourself from the outset:

  • What personal data is being processed? 
  • What are the purposes of the processing?
  • Who acts as the data controller: is it a controller, a processor, or is there joint responsibility for the processing?
  • Is my system secure? 
  • What technical and organizational measures need to be implemented?
  • What is the legal basis for the processing?
  • What are the retention periods?
  • Who are the data recipients?

Compliance with the GDPR begins right from the design phase of the solution.

The 8 Essential Principles 

Every digital service must comply with:  

  • Transparency
  • Purpose
  • Data Minimization
  • Conversation
  • Limited retention
  • Security
  • Legality
  • Individual Rights

Everything revolves around data control (and, therefore, the protection of individuals.) 

Individual Rights 

Every user has rights regarding their personal data, including the right of access, rectification, erasure, restriction of processing, objection, and data portability. 

As a data controller, you must be able to respond to requests from individuals, each of whom has rights regarding their data (access, rectification, erasure, objection, restriction, and portability). 

For Innovators

If your solution involves the processing of personal data, ask yourself the right questions:

  • Do I have a legal basis for this processing? 
  • Can I justify the collection of each piece of data?
  • Did I take the GDPR requirements into account from the very beginning of my solution’s design? 

When it comes to personal health data, in addition to the GDPR, you must comply with applicable sector-specific regulations, particularly the requirements related to the Hosting of Health Data (HDS).