EU General Data Protection Regulation top 8 operational impacts in personal c...
Erik Vollebregt
Presentation to the Personal Connected Health Alliance about the top 8 operational impacts of the EU General Data Protection Regulation on companies in the personal connected health field.
2. GDPR hateful eight
Connected health related top 8 points of attention:
1. Informed consent criteria
2. Data concerning health scope
3. Right to be forgotten (applies to commercial collection of health data)
4. Impact assessment (and privacy by design)
   • For data concerning health
   • In case of profiling
5. Profiling requirements
   • including right to object if processing significantly affects data subject
6. Data portability right of user
7. Security requirements
8. Export of data to extra-EU jurisdictions
5. Health data case study
• DPAs already take expansive view of health data
• Performance data becomes health data
6. GDPR’s Hateful 8
Connected health related top 8 points of attention:
1. Informed consent criteria
2. Data concerning health scope
3. Right to be forgotten (applies to commercial collection of health data)
4. Impact assessment (and privacy by design)
   • For data concerning health
   • In case of profiling
5. Profiling requirements
   • including right to object if processing significantly affects data subject
6. Data portability right of user
7. Security requirements
8. Export of data to extra-EU jurisdictions
7. Consent-based business model tricky
GDPR: ‘consent’ means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her (Article 4 (11) GDPR)
Recitals 32, 42 and 43 GDPR:
• silence, pre-ticked boxes or inactivity do not constitute consent
• Processing for multiple purposes? Consent should be given for all of them!
• Controller must be able to prove valid consent was obtained and provide intelligible consent language
• Consent invalid “in a specific case where there is a clear imbalance between the data subject and the controller”
9. When is health data anonymous?
WP 216 on Anonymisation Techniques (para 2.2):
• Anonymisation is further processing of personal data with the aim of irreversibly preventing identification of the data subject.
• Several anonymisation techniques may be envisaged; there is no prescriptive standard in EU legislation.
• Importance should be attached to contextual elements: account must be taken of “all” the means “likely reasonably” to be used for (re-)identification by the controller and third parties
• A risk factor is inherent to anonymisation: this risk factor is to be considered in assessing the validity of any anonymisation technique – pseudonymisation is not anonymisation (e.g. if linkable through datasets)
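The last bullet, that pseudonymisation is not anonymisation when records remain linkable through other datasets, is shown below in an added example that is not part of the original presentation. All names, dates of birth and postcodes are constructed; the "export" and the "member list" are hypothetical datasets that merely share the quasi-identifiers date of birth and postcode.

```python
import hashlib
from collections import Counter, defaultdict

# Constructed sample data: fictitious people, dates and postcodes.
# A wearable vendor has replaced the user's name by a hash and considers the
# export "anonymous" (it is only pseudonymised).
USERS = [
    # (name, date_of_birth, postcode, resting_heart_rate)
    ("Alice Janssen", "1984-03-12", "1019 HC", 58),
    ("Bram de Vries", "1984-03-12", "1019 HC", 71),
    ("Carla Smit",    "1990-07-04", "1012 AB", 64),
    ("Daan Bakker",   "1975-11-30", "3011 XY", 80),
    ("Eva Visser",    "1990-07-04", "1012 CD", 62),
]

# Constructed external dataset a third party could reasonably obtain,
# e.g. a sports club membership list, sharing the same quasi-identifiers.
MEMBER_LIST = [
    ("Alice Janssen", "1984-03-12", "1019 HC"),
    ("Bram de Vries", "1984-03-12", "1019 HC"),
    ("Carla Smit",    "1990-07-04", "1012 AB"),
    ("Daan Bakker",   "1975-11-30", "3011 XY"),
    ("Eva Visser",    "1990-07-04", "1012 CD"),
]


def token_for(name):
    """Pseudonym: a truncated SHA-256 of the direct identifier."""
    return hashlib.sha256(name.encode("utf-8")).hexdigest()[:12]


def pseudonymise(users):
    """Replace the name by a token; the quasi-identifiers stay untouched."""
    return [(token_for(name), dob, postcode, hr) for name, dob, postcode, hr in users]


def link(pseudonymised, external):
    """Re-link tokens to names by matching (dob, postcode) against the
    external list. Only rows whose quasi-identifiers match exactly one
    external person are linked; ambiguous rows stay unlinked."""
    index = defaultdict(list)
    for name, dob, postcode in external:
        index[(dob, postcode)].append(name)
    linked = {}
    for token, dob, postcode, _hr in pseudonymised:
        candidates = index.get((dob, postcode), [])
        if len(candidates) == 1:
            linked[token] = candidates[0]
    return linked


def generalise(rows):
    """Coarsen quasi-identifiers to year of birth and postcode area (first
    two digits); works for both the export and the external list."""
    return [(row[0], row[1][:4], row[2][:2]) + tuple(row[3:]) for row in rows]


def k_anonymity(rows):
    """Size of the smallest group sharing (dob, postcode). k == 1 means at
    least one row is unique on its quasi-identifiers and can be singled out."""
    groups = Counter((row[1], row[2]) for row in rows)
    return min(groups.values())


if __name__ == "__main__":
    export = pseudonymise(USERS)
    print("k-anonymity of pseudonymised export:", k_anonymity(export))
    print("re-linked:", link(export, MEMBER_LIST))
    coarse = generalise(export)
    print("k-anonymity after generalisation:", k_anonymity(coarse))
    print("re-linked after generalisation:", link(coarse, generalise(MEMBER_LIST)))
```

Running it shows three of the five "anonymous" rows re-linked to a name by date of birth and postcode alone; the hash token contributes nothing, since the same name always maps to the same token. Generalising the quasi-identifiers reduces the linkage to one row, but k-anonymity is still 1 because that row remains unique in its postcode area, which is the residual risk WP 216 asks the controller to assess for each technique rather than assume away.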
10. Research – ‘Right to be forgotten’
Article 17 (1) GDPR: The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.
The ONLY case in which the ‘right to be forgotten’ does not apply is where the processing takes place:
‘for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing.’ (article 17 (3) (d))
Right to be forgotten does apply in all commercial processing of health data for the purpose of services!
12. Impact Assessment
Article 35
• PIA prior to processing
• Authorities will make lists of operations subject to PIA
• Prior consultation of DPA regarding residual risks (article 36)
14. Profiling requirements
• Profiling based on health data -> always PIA
• 'profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
• Data subject must be informed
• Article 22: right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless
   • decision is necessary for performance or entering into contract
   • decision is based on explicit consent
   • AND:
      • explicit consent in case of profiling based on health data
      • suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place
16. Security
Data controllers and processors should implement appropriate technical & organizational measures to protect data from loss or any form of unlawful processing
• Article 32 defines security principles
Security measures must take into account (recital 78):
• Nature of the data to be protected and consequences of security breach
• State of the art
• Security by design
• Aim to prevent unnecessary collection and further processing of personal data
• Overriding principle: Plan-Do-Check-Act
• Data breach notification (article 33/34)
   • to DPA (<72 hours) and to data subject
   • processor must inform controller
17. Export
Chapter 5
Export only with legal basis:
• Adequacy decision (or Privacy Shield)
• Appropriate safeguards (BCR and SCCs) ensuring third party rights for data subjects, approved code or certification mechanism
• Specific situation
   • informed consent
   • necessary for performance of contract
18. Known unknowns and wide open doors
• This means that member states can still require geofencing, hosting accreditation and things like that for processing of genetic, biometric and/or health data!
• Only restriction is that these cannot be contrary to the requirements of the internal market and must be proportionate
20. What’s interesting in the AVG implementation act?
Article 19 – cooperation protocols with other CAs in NL (typical Dutch thing)
Exercise of discretion under article 9 (4) GDPR:
Article 24 UAVG re processing that is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law – additional requirements in Article 24 (b), (c) and (d):
• Research must be in the general interest
• Asking consent must be impossible or prohibitively difficult
• Safeguards against unjustifiable damage to data subjects' privacy
Seems to exclude commercial research given the general interest criterion
What about vigilance and PMS data?
21. What’s interesting in the AVG implementation act?
Exercise of discretion under article 9 (4) GDPR:
Article 30 UAVG – exceptions re data concerning health
Processing of data concerning health allowed for government, pension funds, employers or institutions active on their behalf for execution of tasks and re-integration (Art 30 (1) – article 9 (2) (b) GDPR) – implementation of secrecy like in article 9 (2) (h) GDPR
Processing of data concerning health allowed by schools and rehabilitation services insofar as necessary for their tasks (Art 30 (2)) – implementation of secrecy like in article 9 (2) (h) GDPR
Processing of data concerning health for HCPs, health institutions and social services insofar as necessary for their tasks, and for insurance companies (Art 30 (3) – article 9 (2) (h) GDPR)
Processing on the above three bases only by persons under professional or contractual secrecy (Article 30 (4))
Issue: unclear if this includes contractual third parties referred to in Article 9 (2) (h) GDPR (service providers to HCPs and health institutions)
If treatment or care require it, processing of data concerning health can be mixed with processing of other categories of sensitive data (Article 30 (5))
22. What’s interesting in the AVG implementation act?
Convenient implementation table to check exercise of national discretion
24. General EU current security regulations and standards: data protection
• Protection against e.g. alteration and unauthorized access has everything to do with cybersecurity, as these impact directly on safety and performance of the device.
• Non-harmonisation of the Data Protection Directive is a big problem because it leads to member states taking different views on security requirements.
• Dutch NCA refers to ISO 27000 family as informal harmonised standard
• Dutch flavour of ISO 27002 is a mandatory standard in the Dutch healthcare market (NEN 7510, 7512 and 7513)
25. General EU security regulations and standards
• Currently authorities mainly approach cybersecurity issues via the Data Protection Directive, which features a security regime in Article 17(1):
26. Privacy by design obligations for medical devices
• WP 223: Controller has responsibility for security of IoT devices
• Parties purchasing OEM devices and solutions will want privacy by design compliance warranties
27. Privacy by design obligations for medical devices
WP 223 on end of life devices and remote monitoring / measuring devices
28. Concurrent privacy by design requirements under GDPR
• General Data Protection Regulation has already entered into force, transitional period ending 25 May 2018
• Will apply to any device that processes personal data, both on hardware and software level – possible overlaps with MDR
• Requires privacy by
   • Design
   • Default
• Requires cybersecurity measures, but so does the MDR
   • GSPRs 17.1, 17.2 and 17.4
29. GDPR security thinking
Recital 81: “the controller should use only processors providing sufficient guarantees, in particular in terms of expert knowledge, reliability and resources, to implement technical and organisational measures which will meet the requirements of this Regulation, including for the security of processing.”
30. GDPR security thinking
• Under the MDR / IVDR costs of implementation are irrelevant for risk reduction (AFAP principle in GSPR 2)
32. Security design requirements (art. 32)
Controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) the pseudonymisation and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Take account of risks that are presented by processing, e.g. accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
33. Overlap of risks and different approaches
MDR / IVDR
• Security by design aimed to safeguard safety and performance (Safety, Reliability and Availability (SRA) for cyber physical systems)
GDPR
• Security by design and default aimed at data integrity (Confidentiality–Integrity–Availability (CIA) for corporate processes)
Map security risks under GDPR that are also (partially) safety and performance risks under MDR / IVDR
• Those risks are subject to AFAP reduction by means of design insofar as they concern the device (GSPR 2 and EN ISO 14971:2012 Z annexes ZA, ZB and ZC)
34. Overlap of risks and different approaches - nice model
[Figure: model contrasting the GDPR orientation with the MDR / IVDR orientation]
35. It all starts with a PIA and selection of approaches based on that
Mandatory and prior to processing if processing is likely to result in a high risk to the rights and freedoms of natural persons, especially in case of
(a) systematic and extensive evaluation of personal aspects relating to natural persons based on automated processing (incl. profiling), and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
(b) processing on a large scale of special categories of data (e.g. health); or
(c) systematic monitoring of a publicly accessible area on a large scale
• Mandatory advice of the data protection officer required
• Authorities to specify what processing is subject to PIA
36. www.axonlawyers.com
THANKS FOR YOUR ATTENTION
Erik Vollebregt
Axon Lawyers
Piet Heinkade 183
1019 HC Amsterdam
T +31 88 650 6500
M +31 6 47 180 683
E erik.vollebregt@axonlawyers.com
@meddevlegal
B http://medicaldeviceslegal.com
READ MY BLOG:
http://medicaldeviceslegal.com
Editor's Notes
Potential future health status: any information where there is a scientifically proven or commonly perceived risk of disease in the future, such as obesity, blood pressure, personal habits involving tobacco, alcohol or drugs
Past, current and future health status