Abstract
In this paper, we investigate the implications of the General Data Protection Regulation (GDPR) on the design of a Cloud-based Health System. Keeping secure healthcare information and protecting patients’ privacy is a major responsibility of all healthcare providers. On May 25th 2018, when the GDPR has become mandatory within the European Union, this responsibility has been increased. Failure to comply with GDPR can result in huge fines. For this reason, it is of vital importance any health care organization to explore ways for achieving protection of the data subjects and ensuring GDPR compliance.
GDPR introduces the ‘special category of personal data’, that includes health data and is subject to special conditions regarding treatment and access by third parties. The focus of this research work is to provide guidelines for Cloud-based health Organizations in order to comply with GDPR and ensure patients’ privacy and rights. In this paper, we demonstrate, in a practical way, how a Cloud provider may handle the difficulties of the legal framework by summarizing the legal text, identifying the GDPR requirements, highlighting the obligations that are specific for health data and providing guidelines for satisfying the GDPR requirements for a Cloud-based Health provider.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council L 119. Official Journal of the European Union (2016)
GDPR: GDPR key changes (2017). https://www.eugdpr.org/the-regulation.html
Berendt, B.: ‘Better Data Protection by Design Through Multicriteria Decision Making: On False Trade-offs Between Privacy and Utility’, Privacy Technologies and Policy. Springer, Cham (2017)
ElShekeil, S.A., Laoyookhong, S.: GDPR Privacy by Design: From Legal Requirements to Technical Solutions. Department of Computer and Systems Sciences Stockholm University (2017)
Mohassel, R.R., Fung, A., Mohammadi, F., Raahemifar, K.: A survey on advanced metering infrastructure. Int. J. Electr. Power Energy Syst. 63, 473–484 (2014). https://doi.org/10.1016/j.ijepes.2014.06.025
Newborough, M., Augoud, P.: Demand-side management opportunities for the UK domestic sector. IET Proc. Gener. Trans. Distrib. 146(3), 283–293 (1999)
TACIT Project 2016: Threat Assessment framework for Critical Infrastructures proTection (2016). https://www.tacit-project.eu
WP29 Opinion 1/2009 on e-Privacy Directive, 10 February 2009
Acknowledgment
This research is co-financed by Greece and the European Union (European Social Fund-ESF) through the Operational Programme «Human Resources Development, Education and Lifelong Learning» in the context of the project “Reinforcement of Postdoctoral Researchers - 2nd Cycle” (MIS-5033021), implemented by the State Scholarships Foundation (ΙΚΥ).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Georgiou, D., Lambrinoudakis, C. (2020). GDPR Compliance: Proposed Guidelines for Cloud-Based Health Organizations. In: Katsikas, S., et al. Computer Security. CyberICPS SECPRE ADIoT 2020 2020 2020. Lecture Notes in Computer Science(), vol 12501. Springer, Cham. https://doi.org/10.1007/978-3-030-64330-0_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-64330-0_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-64329-4
Online ISBN: 978-3-030-64330-0
eBook Packages: Computer ScienceComputer Science (R0)