General Data Protection Regulation (GDPR)

Introduction to the General Data Protection Regulation (GDPR). Interview with a legal expert of the University of Groningen.
JEANNE MIFSUD BONNICI: Thank you for having me here. I’m Jeanne Mifsud Bonnici. I am a professor of Technology Law and Human Rights at the Faculty of Law of the University of Groningen. My teaching and research thus relate to this relationship between technology, on the one hand, and law on the other side. In this context, I’ve also participated in two online courses, one on the General Data Protection Regulation, and the other on the use of health data in the medical context.
Thank you. That’s a good question. Why? The legislator has made a separation in the GDPR between normal personal data, so our name, our information, and other categories of data that are more sensitive, for example, your political belief. And in this category of sensitive data, there is also health data, or data concerning health. And so we thought this needs more attention because it’s a sensitive category of data.
Processing of sensitive data, or as the law calls it, special category of data, and it tells you already it’s a special category, so we can’t just use it whenever we want. There are situations where we can use it. One situation is where the person whose data we are going to use gives consent. They allow us to use that data. Other situations are when it’s in the interest, vital interest, of that person. So imagine a person has just had a serious accident. They cannot speak. That means, though, still that we can use their data, and we can use the medical situation for their health.
The third, and related to this, is to provide them with healthcare. There are some conditions for this, but of course, data is allowed to be used in the healthcare context. Fourthly, and also very importantly, we’re allowed to use some of this health data in the context of research and statistical analysis. Of course, when we’re using this data in any of these situations, we also need to make sure that we’re using it responsibly. So we need to make sure that we don’t have excessive data that we don’t need. Data minimization principle. We also need to make sure that we’re keeping this in a safe way, in a good way.
For example, if we’re using this in research, we need to consider whether we can anonymize this data or pseudonymize this data and also how to encrypt it and keep it safely.
Yes, there is, and indeed, the law takes care of this in different ways. I will focus on two of these, one before we start using this data and one during the use of this data. The first one is a data protection impact assessment. When we’re using a lot of data, it is good to stop, reflect, what will be the effect of using this data on the rights of these data subjects? This process is often referred to as a data protection impact assessment. A second thing is that every institution has what is known as a data protection officer. This person is mostly responsible to see that we do abide by the General Data Protection Regulation.
Indeed, not everything always goes right, and the legislator thought about this too and has made rules on how we deal with a situation like a data breach. If a data breach happens unfortunately, then we need to report. Not months later, but within 72 hours. So there is a very strong obligation to report this quickly. To whom? First, to the data protection officer of the organisation and to the data protection authority of that country. In certain situations, we also need to inform the data subjects, or the people whose data has been breached and possibly made public.
We offer two courses online, one on the General Data Protection Regulation and one more specifically on data concerning health. Both give a good basis of understanding on how the rules on data work. As a research group, the STeP research group works very closely on these teams, and you can visit our website for our recent publications on this topic.

To learn more about the General Data Protection Regulation (GDPR), we have turned to legal expert Jeanne Mifsud-Bonnici.

Jeanne is a Professor in European Technology Law and Human Rights at the University of Groningen, the Netherlands. She is also involved in the FutureLearn course on Understanding the GDPR and educator of the course on Protecting Health Data in the Modern Age: Getting to Grips with the GDPR.

In this video, we ask her to explain why the GDPR is so relevant for the implementation of AI in healthcare. Want to know more about the GDPR? Don’t hesitate to take these FutureLearn courses as well!

This article is from the free online course How Artificial Intelligence Can Support Healthcare.
