General Data Protection Regulation (GDPR) GE Healthcare

Post on 26-Jun-2020


General Data Protection Regulation (GDPR)

GE Healthcare


On May 25, 2018, a new milestone in privacy law, the General Data Protection Regulation (GDPR), goes into full effect in the European Union. GDPR provides a higher standard of protection and privacy of personal data for citizens of the EU.

Anyone in the EU who undertakes processing of personal data will be bound by GDPR. As the services that you deliver to your patients require handling health-related data, which is sensitive, GDPR will impact your organisation.

Taking data privacy to the next level with GDPR.

Compliance with GDPR requires a partnership between you and GE Healthcare when you are using our services. One of the most tangible elements of GDPR compliance is a Data Processing Agreement signed between you and your suppliers. This agreement defines the processing performed.

It is important to meet GDPR obligations; non-compliance could be sanctioned by heavy fines.


Each time GE Healthcare provides you Services, patient data is potentially processed. We need to ensure this is done in a controlled manner to comply with the rights of data subjects when handling their personal information.

We have prepared a Data Processing Agreement that complies with GDPR and is available to you.

This agreement must be signed by both organisations:

1. You, to meet GDPR requirements as a Controller, need to show that you are in control of the data processing performed by GE Healthcare.

2. GE Healthcare, as a Processor, to demonstrate that we are handling data in accordance with GDPR and your requirements.

You are taking care of your patients and their data. We have the same sense of responsibility.

Signing the Data Processing Agreement is the cornerstone of our mutual compliance.

[Figure labels: Data. Remote services, Onsite services, Proactive services, Integration services, Optimization services, Educational services. AssetPlus™, Centricity™, DoseWatch, Healthcloud, iCenter, Onwatch. Medical device; Data controller; GE Healthcare; Data processor.]


Our ongoing commitment to data protection.

We have worked attentively over the past years to help our customers address the EU data protection requirements.

ISO 27001*

GE Healthcare has adopted this Information Security Management Systems (ISMS) framework.* Per this framework, the scope and applicability of these certifications will be continuously increased.

PRIVACY BY DESIGN

GE Healthcare integrates privacy in the entire life cycle of systems and process development.

INTERNATIONAL FRAMEWORK

For international transfers, GE Healthcare relies on different EU approved legal mechanisms (Model Clauses, Privacy Shield and Binding Corporate Rules).

ORGANISATION

We have a dedicated privacy and security team to develop and support policies, processes and training.

EU LEGISLATION

[Timeline figure, axis 2011 to 2018, with a "TODAY" marker]

European Data Protection Directive 95/46/EC, 24/10/1995
BCR-C (Binding Corporate Rules – Controller, employee data), 2005
ISO27001 GE HC Systems, 2014
Privacy Shield EU-US Certification, 2016
BCR-P (Processor of Customer data), approval expected by Mid 2018
Model Clauses Agreement, 2015
Safe Harbor EU-US certification, 2014
ISO27001 GE HC Digital, 2005
Safe Harbor invalidation (CJEU), 06/10/2015
EU-US Privacy Shield adoption, 02/02/2016
GDPR enforcement, 25/05/2018
GDPR EU 2016/679 adoption, 27/04/2016
Safe Harbor adoption, 26/07/2000
BCR-C (commercial data), 2014

GE Healthcare Initial Data Privacy program
GE Healthcare GDPR Project
GE Healthcare and Customer Data Processing Agreement signature
GE Healthcare Data Privacy Improvement program


We have closely analysed the requirements of GDPR, and we have reviewed our services and processes to comply with this new regulation.

SUB-PROCESSORS

GE Healthcare as the Processor transposes the obligations we have with you as a controller to our suppliers involved with data processing.

RISK MANAGEMENT

We have carried out an extensive data protection impact assessment related to processing of personal data.

BREACH NOTIFICATION & INCIDENT REPORTING

GE Healthcare revised its incident investigation process to support breach notification should it be required.


It is time to get ready for GDPR.

We are committed to our customers’ success, including meeting GDPR obligations. 

Consider how you can leverage GE Healthcare compliance capabilities as part of your own regulatory compliance framework.

GE imagination at work

GE Healthcare provides transformational medical technologies and services to meet the demand for increased access, enhanced quality and more affordable healthcare around the world.  GE works on things that matter - great people and technologies taking on tough challenges. From medical imaging, software & IT, patient monitoring and diagnostics to drug discovery, biopharmaceutical manufacturing technologies and performance improvement solutions, GE Healthcare helps medical professionals deliver great healthcare to their patients.

GE Healthcare, Chalfont St. Giles, Buckinghamshire, UK

gehealthcare.com

Data subject to change. Marketing Communications GE Medical Systems. A General Electric company, doing business as GE Healthcare. GE, the GE Monogram, imagination at work are trademarks of General Electric Company. All third party trademarks are the property of their respective owner.

©2017 General Electric Company – All rights reserved.

JB52265GB

Data Privacy Team, C/O Customer Service Centre, GE Healthcare

Pollards Wood - Nightingales Lane, Chalfont St Giles, HP8 4SP

Phone 08457 333 999

Email [email protected]