Close this search box.
Close this search box.
The new GDPR, point of inflection for healthcare centers
The new GDPR, point of inflection for healthcare centers

Share the news:


The application of the new General Data Protection Regulation this past May 25th entails a new obstacle for all types of companies within or outside of the European Union. Nevertheless, there are sectors that are sensitive to the changes that the regulation brings due to the nature of the data managed within their activity. One of them is certainly the sector that concerns all healthcare centers. This is why PONS IP held a work session about the new GDPR applied to health sector on May 23rd, in collaboration with the Innovation and Health Prospective Foundation in Spain (FIPSE).

In this article, we highlight the key topics discussed in the work session regarding our intervention by experts: our Managing Director, Nuria Marcos; José Carlos Erdozain, Head of the Legal Department; and Alfonso Beltrán director of the FIPSE foundation.

  • In 2022, the European Commission expects to have access to a million sequenced genomes and, in 2024 to ten million. For this reason, experts consider the harmonization of personal data protection of research and health centers a priority.
  • The new GDPR marked a new turning point in regards to civil awareness about the use of data by third parties; as well as to business education, that is now to be directed towards a larger responsibility role concerning the treatment of data under the proactivity principle.
  • According to article 9 of the GDPR, the personal data of patients related to their wellbeing will be automatically framed in the special protection category.
  • All health professionals and medical researchers must be aware of several aspects introduced by the GDPR, such as consent (it must be always expressed, affirmative, clear, and provable), the importance of its renewal, auditing, impact and risk evaluation to which they must their institutions should submit to, security and data confidentiality, as well as the right to be forgotten.
  •  In regards to the way consent is obtained, institutions that work in the health industry are required to keep a very strict procedure to collect such consent and guarantee that it is express.
  • Even after this special protection, some obstacles still exist in comparison to the previous period. The strict implementation of the regulation is balanced by a series of exceptions intended for the special details that concern the healthcare field, which enable some flexibility in the application of the GDPR. The exceptions only refer to the consent required for particular purposes, like preventive actions for public health or the treatment of data that follows an immediate risk to the health of an ill person.
  • Likewise, the required international health assistance can also exempt the formal tasks compliance regarding legislation. This refers to, for example, the possibility to provide information to a public administration in order for it to facilitate health services to a patient in a member state of the European Union.
  • Another essential aspect of the new GDPR is the existence of a new figure: The Data Protection Officer (DPO). In the case of health centers, the Regulation and the Bill of Incorporation, require the designation of this officer. Health centers treat data considered sensitive, and also have the power to process it on a higher scale and volume. Nonetheless, the new GDPR specifies that a medical consult or clinic staffed with a single specialist will not be required to name an Officer.
  • The security of any type of personal data that concerns health is essential. The new GDPR reinforces the need to ensure confidentiality as well as the security of personal data with codes, data minimization, continuous backups, and the resilient system capacity against cyber-attacks.

Some of the journalistic articles included in this website are protected by Copyright. If you wish to carry out the reproduction, distribution, public communication or transformation, in any medium and in any way, of any article with the employees of your company or with external personnel, contact CEDRO to obtain your own authorization ( /

If you liked this content, share it:

Listen to our podcast

“Invention Privileges”

episodio 2
Las marcas en la nueva economía digital
El segundo episodio de nuestro podcast “Privilegios de Invención” está dedicado a uno de los derechos de propiedad industrial más...
episodio 1
Patentes Biotecnológicas
El primer episodio estará dedicado a uno de los grandes campos de la innovación a nivel mundial, uno de los...


All the IP News

in your e-mail

Find out all the latest information on IP to boost the development of your organisation.

Subscribe to our bimonthly newsletter

In compliance with the provisions of the GDPR, the following is informed: Controller: PONS IP, S.A. (A-28750891). Purposes: send of electronic marketing communications related to the activities and services offered by PONS IP. Legitimation: Consent of the interested party [art. 6.1.a) GDPR]. Rights: Access, rectify, delete, limit, or oppose the treatment, request portability and revoke the consent given by sending an email to, including as a reference "EXERCISE OF RIGHTS". More information.

International Awards

and Recognitions

International Awards and Recognitions