General Data Protection Regulation
(GDPR)
GE Healthcare
On May 25, 2018, a new milestone in privacy law, the General Data Protection Regulation (GDPR), goes into full effect in the European Union. GDPR provides a higher standard of protection and privacy of personal data for citizens of the EU.
Anyone in the EU who undertakes processing of personal data will be bound by GDPR. As the services that you deliver to your patients require handling health-related data, which is sensitive, GDPR will impact your organisation.
Taking data privacy to the next level with GDPR.
Compliance with GDPR requires a partnership between you and GE Healthcare when you are using our services. One of the most tangible elements of GDPR compliance is a Data Processing Agreement signed between you and your suppliers. This agreement defines the processing performed.
It is important to meet GDPR obligations: non-compliance could be sanctioned by heavy fines.
Each time GE Healthcare provides you Services, patient data is potentially processed. We need to ensure this is done in a controlled manner to comply with the rights of data subjects when handling their personal information.
We have prepared a Data Processing Agreement that complies with GDPR and is available to you.
This agreement must be signed by both organisations:
You, to meet GDPR requirements as a Controller, need to show that you are in control of the data processing performed by GE Healthcare.
GE Healthcare, as a Processor, to demonstrate that we are handling data in accordance with GDPR and your requirements.
You are taking care of your patients and their data. We have the same sense of responsibility.
Signing the Data Processing Agreement is the cornerstone of our mutual compliance.
[Figure labels: Medical device; Data; Data Controller; GE Healthcare, Data Processor. Services: Remote services, Onsite services, Proactive services, Integration services, Optimization services, Educational services. Products: AssetPlus™, Centricity™, DoseWatch, Healthcloud, iCenter, Onwatch.]
Our ongoing commitment to data protection.
We have worked attentively over the past years to help our customers address the EU data protection requirements.
ISO 27001*
GE Healthcare has adopted this Information Security Management Systems (ISMS) framework.* Per this framework, the scope and applicability of these certifications will be continuously increased.
PRIVACY BY DESIGN
GE Healthcare integrates privacy in the entire life cycle of systems and process development.
INTERNATIONAL FRAMEWORK
For international transfers, GE Healthcare relies on different EU approved legal mechanisms (Model Clauses, Privacy Shield and Binding Corporate Rules).
ORGANISATION
We have a dedicated privacy and security team to develop and support policies, processes and training.
EU LEGISLATION
[Timeline figure, axis 2011 to 2018, with a "TODAY" marker. Entries as labelled:]
European Data Protection Directive 95/46/EC: 24/10/1995
BCR-C (Binding Corporate Rules – Controller, employee data): 2005
ISO27001 GE HC Systems: 2014
Privacy Shield EU-US Certification: 2016
BCR-P (Processor of Customer data): approval expected by Mid 2018
Model Clauses Agreement: 2015
Safe Harbor EU-US certification: 2014
ISO27001 GE HC Digital: 2005
Safe Harbor invalidation (CJEU): 06/10/2015
EU-US Privacy Shield adoption: 02/02/2016
GDPR enforcement: 25/05/2018
GDPR EU 2016/679 adoption: 27/04/2016
Safe Harbor adoption: 26/07/2000
GE Healthcare Initial Data Privacy program
GE Healthcare GDPR Project
GE Healthcare and Customer Data Processing Agreement signature
BCR-C (commercial data): 2014
GE Healthcare Data Privacy Improvement program
We have closely analysed the requirements of GDPR, and we have reviewed our services and processes to comply with this new regulation.
SUB-PROCESSORS
GE Healthcare as the Processor transposes the obligations we have with you as a controller to our suppliers involved with data processing.
RISK MANAGEMENT
We have carried out an extensive data protection impact assessment related to processing of personal data.
BREACH NOTIFICATION & INCIDENT REPORTING
GE Healthcare revised its incident investigation process to support breach notification should it be required.
It is time to get ready for GDPR.
We are committed to our customers’ success, including meeting GDPR obligations.
Consider how you can leverage GE Healthcare compliance capabilities as part of your own regulatory compliance framework.
GE imagination at work
GE Healthcare provides transformational medical technologies and services to meet the demand for increased access, enhanced quality and more affordable healthcare around the world. GE works on things that matter - great people and technologies taking on tough challenges. From medical imaging, software & IT, patient monitoring and diagnostics to drug discovery, biopharmaceutical manufacturing technologies and performance improvement solutions, GE Healthcare helps medical professionals deliver great healthcare to their patients.
GE Healthcare, Chalfont St. Giles, Buckinghamshire, UK
gehealthcare.com
Data subject to change. Marketing Communications GE Medical Systems. A General Electric company, doing business as GE Healthcare. GE, the GE Monogram, imagination at work are trademarks of General Electric Company. All third party trademarks are the property of their respective owner.
©2017 General Electric Company – All rights reserved.
JB52265GB
Data Privacy Team, C/O Customer Service Centre, GE Healthcare, Pollards Wood - Nightingales Lane, Chalfont St Giles, HP8 4SP
Phone 08457 333 999
Email [email protected]