The European Union’s (EU) General Data Protection Regulation (GDPR) took effect on 25 May. Directly binding and applicable in all EU states, the GDPR aims to protect the data and privacy of the European population by giving control back to citizens and to make the regulatory environment simpler for international business. Non-compliance comes at a high price; fines for failure to comply could be as high as €20 million or 4 percent of global turnover. HealthManagement spoke to patient advocate Peter Kapitein on how healthcare can prepare for the GDPR and how the regulation will impact on the sector.
The General Data Protection Regulation (GDPR) does exactly what it says: it protects data. The consequence of this is that the data is much harder to use for the benefit of society and our case for patients.
There is a big difference between citizens and patients. Where citizens might want to protect their data more intensely, patients want it to be used for the benefit of society and if possible for their own. Patients want the data being used by researchers for better treatments and the improvement of quality of life. Most patients don’t even want to give permission for it. It’s more a matter of “Simply use my data and hurry up”.
What is seriously lacking in the implementation of GDPR is the comparison of the costs-benefits-risks of the existing situation (without GDPR) where data can be used more easily and the cost-benefit-risk ratio in the new situation (with GDPR). We patients take the risk and pay the bill―with our lives. Therefore, it is simply wrong that politicians and lawyers determine what can and should be done with ‘my data’. It is my self-determination that should answer the question about what can be done with my data.
For this reason of self-determination, I refer to an excellent Estonia EU initiative called ‘Digital Health Society’ and their working group ‘Citizen-controlled data governance and data donors’ that says: “The patient owns and maintains the data and the data is available for research with an opt out way of working”.